Labnario Com(2)

download Labnario Com(2)

of 5

Transcript of Labnario Com(2)

  • 7/24/2019 Labnario Com(2)

    1/5

    https--->webUI--->Huawei Secospace USG6300

    Posted in Security

    As a graphical user interface is useless in case of routers and switches, it looks useful when conguring a rewall. Of course it is my point of view. I do not

    go into what is better for you. I like using CL ICL I but, sometimes, it is worth to simplify your daily routine. The rst step is to congure HTTPSHTTPS access to

    webUI of USG6300. This is what we will focus today.

    Well known topology from the last post:

    Configure IP address of firewall's interface and add it totrust zone:

    [USG6300]interface GigabitEthernet 0/0/7

    [USG6300-GigabitEthernet0/0/7]ip address 172.16.1.1 24

    [USG6300]firewall zone trust

    [USG6300-zone-trust]add interface GigabitEthernet 0/0/7

    Enable HTTPSserver on that interface:

    [USG6300]interface GigabitEthernet 0/0/7

    [USG6300-GigabitEthernet0/0/7]service-manage https permit

    Create two administrator's accounts:

    #

    manager-user web_lab

    password cipher %@%@`ruiCXfgEFCJGnNu0!

  • 7/24/2019 Labnario Com(2)

    2/5

    #

    role system-admin

    description system-admin

    dashboard read-write

    monitor read-write

    policy read-write

    object read-write

    network read-write

    system read-write

    #

    role web_lab

    dashboard none

    monitor

    read-only session statistic statistic-acl

    none packet-capture diagnose

    policy none

    object none

    network none

    system none

    #

    Then we can bind our administrators to properly defined roles:

    [USG6300-aaa]bind manager-user web_lab role system-admin

    [USG6300-aaa]bind manager-user web_lab_2 role web_lab

    Enable HTTPSserver with default certificate and set the service port:

    [USG6300]web-manager enable

    Enable http server successfully !

    [USG6300]web-manager security enable port 8443

    Enable http security-server successfully ! web-manager

    Let's verify what will happen if we use both accounts to get to GU IGU I of the firewallfirewall .

    Open a browser and enter https://172.16.1.1:8443.

    converted by Web2PDFConvert.com

    http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://localhost/var/www/apps/conversion/tmp/scratch_7/images/2015/webUI_web_lab_user_2.png
  • 7/24/2019 Labnario Com(2)

    3/5

    As you can notice, the access varies depending on the assigned role for administrators.

    Tags: Huawei firewall, Secospace USG6300, HTTPS, GUI of USG6300

    converted by Web2PDFConvert.com

    http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/tags/tag/147-gui-of-usg6300http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/tags/tag/146-httpshttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/tags/tag/143-secospace-usg6300http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/tags/tag/119-huawei-firewallhttp://localhost/var/www/apps/conversion/tmp/scratch_7/images/2015/webUI_web_lab_2_user_2.png
  • 7/24/2019 Labnario Com(2)

    4/5

    Powered by Komento

    Submit CommentSubmit Comment

    COMMENTS

    No comments foundNo comments found

    LEAVEYOUR COMMENTS

    Post comment as a guest

    Your comments are subjected to administrator's moderation.

    Sort by Oldest First Sort by Latest First

    Login to post a comment

    LoginRemember me

    Register Forgot password

    Name (Required):

    Email:

    Website:

    0

    Agree toterms and condition.

    Categories

    Basic Conguration

    Cheat Sheets

    Username Password

    converted by Web2PDFConvert.com

    http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/27-labnario/cheat-sheetshttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/10-labnario/basic-configurationhttp://stackideas.com/http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/users/?view=resethttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/users/?view=registration
  • 7/24/2019 Labnario Com(2)

    5/5

    Command Line

    Ethernet

    FAQ

    General

    How To

    IP Routing

    IP Services

    Multicast

    QoS

    ReliabilitySecurity

    System Management

    VPN

    WAN

    Latest Posts

    NAT server on Huawei USG5500

    outbound NAT on Huawei USG5500

    https--->webUI--->Huawei Secospace USG6300

    VTY access to Secospace USG6300

    CPU usage alarm threshold

    Powered by Warp Theme Framework

    Built with HTML5 and CSS3

    - Copyright 2014 Labnario

    converted by Web2PDFConvert com

    http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://www.yootheme.com/http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/11-labnario/command-line/174-cpu-usage-alarm-thresholdhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/23-labnario/security/175-ways-of-access-to-secospace-usg6300http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/23-labnario/security/177-outbound-nat-on-huawei-usg5500http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/23-labnario/security/178-nat-server-on-huawei-usg5500http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/26-labnario/wanhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/25-labnario/vpnhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/24-labnario/system-managementhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/23-labnario/securityhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/22-labnario/reliabilityhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/21-labnario/qoshttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/28-labnario/multicasthttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/20-labnario/ip-serviceshttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/19-labnario/ip-routinghttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/18-labnario/how-tohttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/17-labnario/generalhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/16-labnario/faqhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/15-labnario/ethernethttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/11-labnario/command-line