01 Apr 2015

https--->webUI--->Huawei Secospace USG6300


Posted in Security

While a graphical user interface is useless on routers and switches, it looks useful when configuring a firewall. Of course, that is my point of view; I will not
go into what is better for you. I like using the CLI but, sometimes, it is worth simplifying your daily routine. The first step is to configure HTTPS access to the
webUI of the USG6300. This is what we will focus on today.
Well-known topology from the last post:

Configure IP address of firewall's interface and add it to trust zone:


[USG6300]interface GigabitEthernet 0/0/7
[USG6300-GigabitEthernet0/0/7]ip address 172.16.1.1 24
[USG6300]firewall zone trust
[USG6300-zone-trust]add interface GigabitEthernet 0/0/7

Enable HTTPS server on that interface:


[USG6300]interface GigabitEthernet 0/0/7
[USG6300-GigabitEthernet0/0/7]service-manage https permit

Create two administrator accounts:


#
manager-user web_lab
password cipher %@%@`ruiCXfgEFCJGnNu0!<@&bYP@.eMJIk7-H&m&h&[xo11Oh_Z%@%@
service-type web
level 15
ftp-directory hda1:
ssh authentication-type password
ssh service-type stelnet
#
manager-user web_lab_2
password cipher %@%@S0e84!g|rRX38&1S*-l;h*!ub`{@$-`o0=71fW<8Ch{9g0'"%@%@
service-type web
level 15
ftp-directory hda1:
ssh authentication-type password
ssh service-type stelnet
#

Why two accounts? Because we will assign different roles to these two administrators to show that this is possible. We will use the default system-admin
role for one administrator and a newly created web-admin role for the second one.

#
role system-admin
description system-admin
dashboard read-write
monitor read-write
policy read-write
object read-write
network read-write
system read-write
#
role web_lab
dashboard none
monitor read-only session statistic statistic-acl
monitor none packet-capture diagnose
policy none
object none
network none
system none
#

Then we can bind our administrators to properly defined roles:


[USG6300-aaa]bind manager-user web_lab role system-admin
[USG6300-aaa]bind manager-user web_lab_2 role web_lab

Enable HTTPS server with default certificate and set the service port:

[USG6300]web-manager enable
Enable http server successfully !
[USG6300]web-manager security enable port 8443
Enable http security-server successfully ! web-manager

Let's verify what happens when we use both accounts to reach the GUI of the firewall.
Open a browser and enter https://172.16.1.1:8443.

As you can see, access varies depending on the role assigned to each administrator.
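
The role bindings above can also be cross-checked offline. The following Python sketch is an added example, not part of the original post: it parses manager-user, role and bind lines in the layout shown here and lists what each administrator is actually granted. The sample text is constructed from the post's listings, and the parser assumes every role line reads `module permission [items]`.

```python
import re

PERMS = {"none", "read-only", "read-write"}
# Constructed sample in the layout shown on this page (password and other attribute lines left out).
SAMPLE = """\
manager-user web_lab
#
manager-user web_lab_2
#
role system-admin
 description system-admin
 dashboard read-write
 monitor read-write
 policy read-write
 object read-write
 network read-write
 system read-write
#
role web_lab
 dashboard none
 monitor read-only session statistic statistic-acl
 monitor none packet-capture diagnose
 policy none
 object none
 network none
 system none
#
[USG6300-aaa]bind manager-user web_lab role system-admin
[USG6300-aaa]bind manager-user web_lab_2 role web_lab
"""

def audit(config):
    users, roles, binds, cur = [], {}, {}, None
    for raw in config.splitlines():
        tok = re.sub(r"^\[[^\]]*\]", "", raw).split()  # strip a CLI prompt
        if not tok or tok[0] in ("#", "manager-user", "bind"):
            cur = None  # stanza boundary: stop filling the current role
        if tok[:1] == ["role"] and len(tok) == 2:
            cur = roles.setdefault(tok[1], {})
        elif tok[:1] == ["manager-user"] and len(tok) == 2:
            users.append(tok[1])
        elif tok[:2] == ["bind", "manager-user"] and len(tok) == 5:
            binds[tok[2]] = tok[4]
        elif cur is not None and len(tok) > 1 and tok[1] in PERMS:
            for item in tok[2:] or ["*"]:  # assumption: no items = whole module
                cur[f"{tok[0]}:{item}"] = tok[1]
    return {u: {"role": binds.get(u),  # None means the account has no binding
                "grants": {k: v for k, v in roles.get(binds.get(u), {}).items() if v != "none"}}
            for u in users}
```

An account reported with role `None` and no grants has no binding in the parsed text and is worth reviewing before the web UI is exposed.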
Tags: Huawei firewall, Secospace USG6300, HTTPS, GUI of USG6300

- Copyright 2014 Labnario