Firewall Login Methods

1. Log in via Telnet
[USG6000V1]telnet server enable //enable the Telnet service on the device
[USG6000V1-GigabitEthernet1/0/1]ip add 10.1.2.1 24
Configure access control on the interface
[USG6000V1-GigabitEthernet1/0/1]service-manage enable
[USG6000V1-GigabitEthernet1/0/1]service-manage telnet permit
Add the interface to a security zone
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add interface GigabitEthernet 1/0/1
Set the VTY administrator authentication mode to AAA
[USG6000V1]user-interface vty 0 4
[USG6000V1-ui-vty0-4]authentication-mode aaa
[USG6000V1-ui-vty0-4]protocol inbound telnet
[USG6000V1-ui-vty0-4]user privilege level 3
Configure the Telnet administrator
[USG6000V1]aaa
[USG6000V1-aaa]manager-user telnetuser
[USG6000V1-aaa-manager-user-telnetuser]password cipher 12345678
[USG6000V1-aaa-manager-user-telnetuser]service-type telnet
[USG6000V1-aaa-manager-user-telnetuser]level 3
Bind a role to the administrator
[USG6000V1-aaa]bind manager-user telnetuser role system-admin
2. Log in via SSH
Enable the SSH service
[USG6000V1]stelnet server enable
Configure the login interface
[USG6000V1-GigabitEthernet1/0/1]ip add 10.1.2.1 24
Configure access control on the interface
[USG6000V1-GigabitEthernet1/0/1]service-manage enable
[USG6000V1-GigabitEthernet1/0/1]service-manage ssh permit
Add the interface to a security zone
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/1
Set the VTY administrator authentication mode to AAA
[USG6000V1]user-interface vty 0 4
[USG6000V1-ui-vty0-4]authentication-mode aaa
[USG6000V1-ui-vty0-4]protocol inbound ssh
[USG6000V1-ui-vty0-4]user privilege level 3
Create the SSH administrator account and specify its authentication and service types
[USG6000V1]aaa
[USG6000V1-aaa]manager-user sshuser
[USG6000V1-aaa-manager-user-sshuser]password cipher ABCabc@123
[USG6000V1-aaa-manager-user-sshuser]service-type ssh
[USG6000V1-aaa-manager-user-sshuser]level 3
Bind a role to the administrator
[USG6000V1-aaa]bind manager-user sshuser role system-admin
Configure the SSH user
[USG6000V1]ssh user sshuser
[USG6000V1]ssh user sshuser authentication-type password
[USG6000V1]ssh user sshuser service-type stelnet
Generate the local key pair
[USG6000V1]rsa local-key-pair create
The key name will be: USG6000V1_Host
The range of public key size is (2048 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:
Generating keys...
...+++++
........................++
....++++
...........++
3. Log in via the web interface
The device's web service is enabled by default; if it is not, enable it with:
[USG6000V1]web-manager security enable //with the security parameter this enables HTTPS management; without it, HTTP management is enabled
Configure the login interface
[USG6000V1-GigabitEthernet1/0/1]ip add 10.1.2.1 24
[USG6000V1-GigabitEthernet1/0/1]service-manage enable
[USG6000V1-GigabitEthernet1/0/1]service-manage https permit
Add the interface to a security zone
[USG6000V1]firewall zone trust
[USG6000V1-zone-trust]add int g1/0/1
Configure the administrator account
[USG6000V1]aaa
[USG6000V1-aaa]manager-user webuser
[USG6000V1-aaa-manager-user-webuser]password cipher ABCabc@123
[USG6000V1-aaa-manager-user-webuser]level 3
[USG6000V1-aaa-manager-user-webuser]service-type web
[USG6000V1-aaa]bind manager-user webuser role system-admin
4. Configure the firewall as an FTP server
[USG-1]security-policy
[USG-1-policy-security]rule name ftp_backup
[USG-1-policy-security-rule-ftp_backup]source-zone trust
[USG-1-policy-security-rule-ftp_backup]destination-zone local
[USG-1-policy-security-rule-ftp_backup]service ftp
[USG-1-policy-security-rule-ftp_backup]action permit
[USG-1]int g1/0/1
[USG-1-GigabitEthernet1/0/1]ip add 10.1.2.1 24
[USG-1]firewall zone trust
[USG-1-zone-trust]add interface GigabitEthernet 1/0/1
[USG-1]ftp server enable
[USG-1]aaa
[USG-1-aaa]manager-user ftpuser
[USG-1-aaa-manager-user-ftpuser]service-type ftp
[USG-1-aaa-manager-user-ftpuser]password cipher ABCabc@123
[USG-1-aaa-manager-user-ftpuser]level 3
[USG-1-aaa-manager-user-ftpuser]ftp-directory hda1:/
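
The following is an added example, not part of the original post: a Python check that reads a CLI transcript in the bracketed-prompt style used above and flags the commands that open cleartext management paths (Telnet, FTP, HTTP), leaving the SSH and HTTPS equivalents alone. The function name audit, the rule list and the sample transcript are constructed for illustration; web-manager enable is the form without the security parameter described in section 3.

```python
import re

# Transcript line as printed on this page: "[prompt]command //optional note"
LINE = re.compile(r"^\[(?P<prompt>[^\]]+)\]\s*(?P<cmd>.*?)\s*(?://.*)?$")

# (pattern on the command, finding) - cleartext management services only
RULES = [
    (re.compile(r"^telnet server enable$"), "Telnet server enabled"),
    (re.compile(r"^ftp server enable$"), "FTP server enabled"),
    (re.compile(r"^web-manager enable$"), "HTTP (not HTTPS) web management enabled"),
    (re.compile(r"^service-manage (telnet|http) permit$"),
     "interface permits cleartext management"),
    (re.compile(r"^protocol inbound telnet$"), "VTY lines accept Telnet"),
    (re.compile(r"^service-type\b.*\b(telnet|ftp)\b"),
     "manager account usable over a cleartext service"),
]

def audit(transcript):
    """Return (line_no, prompt, command, finding) per cleartext-management command."""
    findings = []
    for no, raw in enumerate(transcript.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m:
            continue  # prose, key-generation output, blank lines
        cmd = " ".join(m["cmd"].split())  # normalise internal whitespace
        for pattern, finding in RULES:
            if pattern.search(cmd):
                findings.append((no, m["prompt"], cmd, finding))
    return findings

# Constructed sample in the page's transcript style (not captured from a device)
SAMPLE = """\
[USG6000V1]telnet server enable //enable Telnet
[USG6000V1-GigabitEthernet1/0/1]service-manage telnet permit
[USG6000V1-GigabitEthernet1/0/1]service-manage ssh permit
[USG6000V1-ui-vty0-4]protocol inbound telnet
[USG6000V1-aaa-manager-user-telnetuser]service-type telnet
[USG6000V1-aaa-manager-user-sshuser]service-type ssh
[USG6000V1]web-manager security enable
[USG-1]ftp server enable
"""

if __name__ == "__main__":
    for no, prompt, cmd, finding in audit(SAMPLE):
        print(f"line {no}: [{prompt}] {cmd} -> {finding}")
```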

Reposted from blog.51cto.com/13699905/2641918