Labnario Com(2)

7/24/2019 Labnario Com(2)

1/5

https--->webUI--->Huawei Secospace USG6300

Posted in Security

As a graphical user interface is useless in case of routers and switches, it looks useful when conguring a rewall. Of course it is my point of view. I do not

go into what is better for you. I like using CL ICL I but, sometimes, it is worth to simplify your daily routine. The rst step is to congure HTTPSHTTPS access to

webUI of USG6300. This is what we will focus today.

Well known topology from the last post:

Configure IP address of firewall's interface and add it totrust zone:

[USG6300]interface GigabitEthernet 0/0/7

[USG6300-GigabitEthernet0/0/7]ip address 172.16.1.1 24

[USG6300]firewall zone trust

[USG6300-zone-trust]add interface GigabitEthernet 0/0/7

Enable HTTPSserver on that interface:

[USG6300]interface GigabitEthernet 0/0/7

[USG6300-GigabitEthernet0/0/7]service-manage https permit

Create two administrator's accounts:

#

manager-user web_lab

password cipher %@%@`ruiCXfgEFCJGnNu0!


2/5

#

role system-admin

description system-admin

dashboard read-write

monitor read-write

policy read-write

object read-write

network read-write

system read-write

#

role web_lab

dashboard none

monitor

read-only session statistic statistic-acl

none packet-capture diagnose

policy none

object none

network none

system none

#

Then we can bind our administrators to properly defined roles:

[USG6300-aaa]bind manager-user web_lab role system-admin

[USG6300-aaa]bind manager-user web_lab_2 role web_lab

Enable HTTPSserver with default certificate and set the service port:

[USG6300]web-manager enable

Enable http server successfully !

[USG6300]web-manager security enable port 8443

Enable http security-server successfully ! web-manager

Let's verify what will happen if we use both accounts to get to GU IGU I of the firewallfirewall .

Open a browser and enter https://172.16.1.1:8443.

converted by Web2PDFConvert.com
http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://localhost/var/www/apps/conversion/tmp/scratch_7/images/2015/webUI_web_lab_user_2.png


3/5

As you can notice, the access varies depending on the assigned role for administrators.

Tags: Huawei firewall, Secospace USG6300, HTTPS, GUI of USG6300

http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/tags/tag/147-gui-of-usg6300http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/tags/tag/146-httpshttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/tags/tag/143-secospace-usg6300http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/tags/tag/119-huawei-firewallhttp://localhost/var/www/apps/conversion/tmp/scratch_7/images/2015/webUI_web_lab_2_user_2.png


4/5

Powered by Komento

Submit CommentSubmit Comment

COMMENTS

No comments foundNo comments found

LEAVEYOUR COMMENTS

Post comment as a guest

Your comments are subjected to administrator's moderation.

Sort by Oldest First Sort by Latest First

Login to post a comment

LoginRemember me

Register Forgot password

Name (Required):

Email:

Website:

0

Agree toterms and condition.

Categories

Basic Conguration

Cheat Sheets

Username Password

http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/27-labnario/cheat-sheetshttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/10-labnario/basic-configurationhttp://stackideas.com/http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/users/?view=resethttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/component/users/?view=registration


5/5

Command Line

Ethernet

FAQ

General

How To

IP Routing

IP Services

Multicast

QoS

ReliabilitySecurity

System Management

VPN

WAN

Latest Posts

NAT server on Huawei USG5500

outbound NAT on Huawei USG5500

https--->webUI--->Huawei Secospace USG6300

VTY access to Secospace USG6300

CPU usage alarm threshold

Powered by Warp Theme Framework

Built with HTML5 and CSS3

- Copyright 2014 Labnario

converted by Web2PDFConvert com
http://www.web2pdfconvert.com/?ref=PDFhttp://www.web2pdfconvert.com/?ref=PDFhttp://www.yootheme.com/http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/11-labnario/command-line/174-cpu-usage-alarm-thresholdhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/23-labnario/security/175-ways-of-access-to-secospace-usg6300http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/23-labnario/security/177-outbound-nat-on-huawei-usg5500http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/23-labnario/security/178-nat-server-on-huawei-usg5500http://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/26-labnario/wanhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/25-labnario/vpnhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/24-labnario/system-managementhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/23-labnario/securityhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/22-labnario/reliabilityhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/21-labnario/qoshttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/28-labnario/multicasthttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/20-labnario/ip-serviceshttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/19-labnario/ip-routinghttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/18-labnario/how-tohttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/17-labnario/generalhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/16-labnario/faqhttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/15-labnario/ethernethttp://localhost/var/www/apps/conversion/tmp/scratch_7/index.php/11-labnario/command-line

Labnario Com(2)

Documents

Transcript of Labnario Com(2)