Device Management

This section describes how to configure the Administrator, Trusted Host, MGT Interface, System Time, NTP Key and system options.

Administrators

Device administrators of different roles have different privileges. The system supports pre-defined administrator roles and customized administrator roles. By default, the system supports the following administrators, which cannot be deleted or edited:

  • admin: Permission for reading, executing and writing. This role has the authority over all features. You can view the current or historical configuration information.
  • admin-read-only: Permission for reading and executing. You can view the current or historical configuration information.
  • operator: Permission for reading, executing and writing. This role has authority over all features except modifying the administrator's configuration. You can view the current or historical configuration information, but you have no permission to check the log information.
  • auditor: You can only operate on the log information, including view, export and clear.

The following table shows the permissions of the different types of administrators.

Operation Administrator Administrator(read-only) Auditor Operator
Configure (including saving configuration) χ χ
Configure administrator χ χ χ
Restore factory default χ χ χ
Delete configuration file χ χ
Roll back configuration χ χ
Reboot χ χ χ
View configuration information χ
View log information χ
Modify current admin password χ
ping/traceroute χ
  • The device ships with a default administrator named hillstone. You can modify the settings of hillstone. However, this account cannot be deleted.
  • Other administrator roles (except the default administrator) cannot configure the admin settings, apart from modifying their own password.

  • The system auditor can manage one or more logs, but only the system administrator can manage the log types.

VSYS Administrator

Administrators in different VSYSs are independent of each other. Administrators in the root VSYS are known as root administrators, and administrators in a non-root VSYS are known as non-root administrators. The system supports four types of administrators: Administrator, Administrator(read-only), Operator, and Auditor.

When creating VSYS administrators, you must follow the rules listed below:

  • Backslash (\) cannot be used in administrator names.

  • The non-root administrators are created by root administrators or root operators after logging into the non-root VSYS.

  • After logging into the root VSYS, the root administrators can switch to the non-root VSYS and configure it.

  • Non-root administrators can enter the corresponding non-root VSYS after a successful login, but the non-root administrators cannot switch to the root VSYS.

  • Each administrator name must be unique in the VSYS it belongs to, while administrator names can be the same in different VSYSs. In such a case, when logging in, you must specify the VSYS the administrator belongs to in the form vsys_name\admin_name. If no VSYS is specified, you will enter the root VSYS.

The following table shows the permissions of the different types of VSYS administrators.

Operation Root VSYS Administrator Root VSYS Administrator(read-only) Root VSYS Auditor Root VSYS Operator Non-root VSYS Administrator Non-root VSYS Administrator(read-only) Non-root VSYS Operator Non-root VSYS Auditor
Configure (including saving configuration) χ χ χ χ
Configure administrator χ χ χ χ χ χ
Restore factory default χ χ χ χ χ χ χ
Delete configuration file χ χ χ χ
Roll back configuration χ χ χ χ
Reboot χ χ χ χ χ χ χ
View configuration information χ View information in current VSYS View information in current VSYS View information in current VSYS χ
View log information χ χ
Modify current admin password
ping/traceroute χ χ

Creating an Administrator Account

To create an administrator account, take the following steps:

  1. Select System > Device Management > Administrators.
  2. Click New.
  3. In the Configuration dialog box, configure the following.

  4. Click OK.

Admin Roles

Device administrators of different roles have different privileges. The system supports pre-defined administrator roles and customized administrator roles. The pre-defined administrator roles cannot be deleted or edited. You can customize administrator roles according to your requirements.

To create a new administrator role, take the following steps:

  1. Select System > Device Management > Admin Roles.
  2. Click New.
  3. Click OK to save the settings.

Trusted Host

To enhance security, the device allows only trusted hosts to manage the system. An administrator can specify an IP range, and hosts in the specified IP range are trusted hosts. Only trusted hosts can access the management interface to manage the device.

If the system cannot be managed remotely, check the trusted host configuration.

Creating a Trusted Host

To create a trusted host, take the following steps:

  1. Select System > Device Management > Trusted Host.
  2. Click New.
  3. In the Trusted Host Configuration dialog box, configure these values.

  4. Click OK.

Management Interface

The device supports the following access methods: Console, Telnet, SSH and WebUI. You can configure the timeout value, port number, PKI trust domain of HTTPS, and PKI trust domain of certificate authentication. When accessing the device through Telnet, SSH, HTTP or HTTPS, if login fails three times in one minute, the IP address that attempts the login will be blocked for 2 minutes, during which the IP address cannot connect to the device.

To configure the access methods:

  1. Select System > Device Management > Management Interface.
  2. In the Management Interface tab, configure these values.
  3. Click OK.

When you change the HTTP port, HTTPS port or HTTPS Trust Domain, the web server will restart. You may need to log in again if you are using the Web interface.
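The lockout rule described in this section (three failed logins in one minute, then a 2-minute block of the source IP) can be replayed over exported login events to find sources that keep triggering it. This is an added example, not code from the product; the event tuple layout, the sample data, counting failures per source IP across services, and ignoring attempts made during a block are all assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

FAIL_LIMIT = 3                  # failed logins ...
WINDOW = timedelta(minutes=1)   # ... within one minute ...
BLOCK = timedelta(minutes=2)    # ... block the source IP for 2 minutes

# Constructed sample events: (timestamp, source IP, service, outcome).
# The layout is an assumption, not the device's own log format.
SAMPLE_EVENTS = [
    ("2024-05-01 10:00:05", "198.51.100.7", "ssh", "fail"),
    ("2024-05-01 10:00:20", "198.51.100.7", "ssh", "fail"),
    ("2024-05-01 10:00:31", "203.0.113.9", "https", "fail"),
    ("2024-05-01 10:00:48", "198.51.100.7", "https", "fail"),  # 3rd failure in 60 s
    ("2024-05-01 10:01:30", "198.51.100.7", "ssh", "fail"),    # arrives during the block
    ("2024-05-01 10:02:40", "203.0.113.9", "https", "fail"),   # earlier failure has aged out
    ("2024-05-01 10:02:50", "198.51.100.7", "ssh", "fail"),    # block expired at 10:02:48
    ("2024-05-01 10:02:55", "198.51.100.7", "ssh", "fail"),
    ("2024-05-01 10:03:00", "198.51.100.7", "ssh", "fail"),    # second lockout
    ("2024-05-01 10:03:10", "203.0.113.9", "https", "ok"),
]

def find_lockouts(events):
    """Return (ip, blocked_from, blocked_until) for every lockout the rule triggers."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    blocked_until = {}
    lockouts = []
    for ts_text, ip, _service, outcome in sorted(events):
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        if ts < blocked_until.get(ip, datetime.min):
            continue              # assumption: attempts during a block are not counted
        if outcome != "fail":
            continue
        fails = recent[ip]
        fails.append(ts)
        while ts - fails[0] >= WINDOW:
            fails.popleft()       # drop failures older than one minute
        if len(fails) >= FAIL_LIMIT:
            blocked_until[ip] = ts + BLOCK
            lockouts.append((ip, ts, ts + BLOCK))
            fails.clear()
    return lockouts

def repeat_offenders(lockouts, minimum=2):
    """Sources locked out at least `minimum` times: sustained password guessing."""
    counts = Counter(ip for ip, _start, _end in lockouts)
    return {ip: n for ip, n in counts.items() if n >= minimum}
```

A source that reappears in `repeat_offenders` is being slowed down by the block rather than stopped, which makes it a candidate for exclusion through the trusted host ranges.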

System Time

You can configure the current system time manually, or synchronize the system time with an NTP server via NTP.

Configuring the System Time Manually

To configure the system time manually, take the following steps:

  1. Select System > Device Management > System Time.
  2. Click OK.

Configuring NTP

The system time may affect the establishment time of VPN tunnels and the schedule, so the accuracy of the system time is very important. To ensure the system maintains an accurate time, the device allows you to synchronize the system time with an NTP server on the network via NTP.

To configure NTP:

  1. Select System > Device Management > System Time.
  2. Click OK.

NTP Key

After enabling the NTP Authentication function, you need to configure the MD5 key ID and keys. The device will only synchronize with the authorized servers.

Creating an NTP Key

To create an NTP key:

  1. Select System > Device Management > NTP Key.
  2. Click NEW.
  3. In the NTP Key Configuration dialog box, configure these values.

  4. Click OK.
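How the key ID and key configured here are used on the wire, as an added example (not code from the product): in NTP symmetric-key authentication (RFC 5905), a packet carries a 4-byte key ID followed by MD5(key || NTP header), and the receiver recomputes the digest with its own copy of the key. The key value, key ID and sample packet are constructed, and the sketch assumes packets without extension fields.

```python
import hashlib
import hmac
import struct

HEADER_LEN, KEYID_LEN, MD5_LEN = 48, 4, 16

def ntp_mac(key_id: int, key: bytes, header: bytes) -> bytes:
    """Key ID (32-bit, big-endian) followed by MD5(key || 48-byte NTP header)."""
    if len(header) != HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    return struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def verify_ntp_packet(packet: bytes, trusted_keys: dict) -> bool:
    """Accept a packet only if its MAC verifies under a locally configured key ID."""
    if len(packet) != HEADER_LEN + KEYID_LEN + MD5_LEN:
        return False                      # no MAC (unauthenticated) or malformed
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:KEYID_LEN])
    key = trusted_keys.get(key_id)
    if key is None:
        return False                      # key ID not configured on this device
    return hmac.compare_digest(ntp_mac(key_id, key, header), mac)

# Constructed sample: a key table as it might be configured, and a server reply.
TRUSTED_KEYS = {1: b"constructed-example-key"}
# First byte 0x24 = LI 0, version 4, mode 4 (server); remaining fields zeroed.
SAMPLE_HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(44)
GOOD_PACKET = SAMPLE_HEADER + ntp_mac(1, TRUSTED_KEYS[1], SAMPLE_HEADER)

def tamper(packet: bytes, offset: int) -> bytes:
    """Flip one bit, as an on-path modification of a timestamp would."""
    return packet[:offset] + bytes([packet[offset] ^ 0x01]) + packet[offset + 1:]

if __name__ == "__main__":
    print("authentic reply:", verify_ntp_packet(GOOD_PACKET, TRUSTED_KEYS))
    print("modified timestamp:", verify_ntp_packet(tamper(GOOD_PACKET, 40), TRUSTED_KEYS))
    print("no MAC:", verify_ntp_packet(SAMPLE_HEADER, TRUSTED_KEYS))
```

RFC 8573 deprecates this MD5 construction for NTP in favour of AES-CMAC, so the protection rests on the key being long, random and known only to the device and its time servers.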

Option

Specifies system options, including system language, administrator authentication server, host name, password strategy, reboot and exporting the system debugging information.

To change system options, take the following steps:

  1. Select System > Device Management > Option.
  2. Click OK.

Rebooting the System

Some operations, such as license installation or image upgrading, require the system to reboot before they can take effect.

To reboot a system, take the following steps:

  1. Go to System > Device Management > Option.
  2. Click Reboot, and select Yes in the prompt.
  3. The system will reboot. You need to wait a while before it can start again.

System Debug

System debug helps you check and analyze problems.

Failure Feedback

To enable the failure feedback function, take the following steps:

  1. Select System > Device Management > Option.
  2. In the System Tools dialog box, select the Enable check box for Failure feedback. The system will then automatically send the technical support file to the manufacturer.

System Debug Information

System debugging helps you diagnose and identify system errors using the exported file.

To export the system debugging information, take the following steps:

  1. Select System > Device Management > Option.
  2. Click Export. The system packs the file in /etc/local/core and prompts you to save the tech-support file. After you select the save location and click OK, the file is exported.