
01 Apr


https--->webUI--->Huawei Secospace USG6300

Posted in Security

While a graphical user interface is useless in the case of routers and switches, it looks useful when configuring a firewall. Of course, that is my point of view. I will not
go into what is better for you. I like using the CLI but, sometimes, it is worth simplifying your daily routine. The first step is to configure HTTPS access to
the webUI of the USG6300. This is what we will focus on today.
Well known topology from the last post:

Configure IP address of firewall's interface and add it to trust zone:

[USG6300]interface GigabitEthernet 0/0/7
[USG6300-GigabitEthernet0/0/7]ip address 24
[USG6300]firewall zone trust
[USG6300-zone-trust]add interface GigabitEthernet 0/0/7

Enable HTTPS server on that interface:

[USG6300]interface GigabitEthernet 0/0/7
[USG6300-GigabitEthernet0/0/7]service-manage https permit

Create two administrator accounts:

manager-user web_lab
password cipher %@%@`ruiCXfgEFCJGnNu0!<@&bYP@.eMJIk7-H&m&h&[xo11Oh_Z%@%@
service-type web
level 15
ftp-directory hda1:
ssh authentication-type password
ssh service-type stelnet
manager-user web_lab_2
password cipher %@%@S0e84!g|rRX38&1S*-l;h*!ub`{@$-`o0=71fW<8Ch{9g0'"%@%@
service-type web
level 15
ftp-directory hda1:
ssh authentication-type password
ssh service-type stelnet

Why two accounts? Because we will assign different roles to these two administrators to show that this is possible. We will use the default system-admin
role for one administrator and a newly created web-admin role (named web_lab in the configuration below) for the second one.


role system-admin
description system-admin
dashboard read-write
monitor read-write
policy read-write
object read-write
network read-write
system read-write
role web_lab
dashboard none
read-only session statistic statistic-acl
none packet-capture diagnose
policy none
object none
network none
system none

Then we can bind our administrators to properly defined roles:

[USG6300-aaa]bind manager-user web_lab role system-admin
[USG6300-aaa]bind manager-user web_lab_2 role web_lab

Enable HTTPS server with default certificate and set the service port:

[USG6300]web-manager enable
Enable http server successfully !
[USG6300]web-manager security enable port 8443
Enable http security-server successfully ! web-manager

Let's verify what happens when we use each of the two accounts to reach the GUI of the firewall.
Open a browser and enter


As you can notice, the access varies depending on the assigned role for administrators.
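
An added example, not part of the original post and not Huawei tooling: a small Python check that reads the manager-user, role and bind lines shown above and reports which web accounts end up with write access through their role. The sample text is constructed from this post's commands, and the function names audit and web_writers are made up for this example.

```python
import re

# Constructed sample built from this post's commands; password, level and
# the role's monitor lines (incomplete on the page) are left out.
SAMPLE = """\
manager-user web_lab
 service-type web
manager-user web_lab_2
 service-type web
role system-admin
 dashboard read-write
 monitor read-write
 policy read-write
 object read-write
 network read-write
 system read-write
role web_lab
 dashboard none
 policy none
 object none
 network none
 system none
[USG6300-aaa]bind manager-user web_lab role system-admin
[USG6300-aaa]bind manager-user web_lab_2 role web_lab
"""

def audit(config):
    """Map each manager-user to its bound role and the modules it can write."""
    users, roles, current = {}, {}, None
    for raw in config.splitlines():
        tok = re.sub(r"^\[[^\]]*\]", "", raw.strip()).split()  # drop CLI prompt
        if len(tok) == 5 and tok[0] == "bind" and tok[3] == "role":
            users.setdefault(tok[2], {})["role"] = tok[4]
        elif len(tok) == 2 and tok[0] in ("manager-user", "role"):
            current = (users if tok[0] == "manager-user" else roles).setdefault(tok[1], {})
        elif len(tok) == 2 and current is not None:
            current[tok[0]] = tok[1]  # e.g. "service-type web", "policy read-write"
    report = {}
    for name, u in users.items():
        perms = roles.get(u.get("role"), {})  # role is None when no bind line exists
        report[name] = {"role": u.get("role"), "web": u.get("service-type") == "web",
                        "writable": sorted(m for m, p in perms.items() if p == "read-write")}
    return report

def web_writers(config):
    """Web-reachable accounts whose role can change at least one module."""
    return sorted(n for n, r in audit(config).items() if r["web"] and r["writable"])
```

Run against a saved configuration, web_writers gives the short list of accounts worth reviewing before the HTTPS service is exposed; here it returns only web_lab.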
Tags: Huawei firewall, Secospace USG6300, HTTPS, GUI of USG6300

- Copyright 2014 Labnario