Chapter 5 - System Management
HCSA-NGFW 2022
Contents
1 Initial System Login
2 WebUI
3 System Management
5 Firmware Upgrade
6 License Management
Initial System Login
Device Management Method
• You can access the device directly or remotely by using the CLI or WebUI.
• Management is supported via console, telnet, ssh, http and https.
[Figure: device management ports: COM, Ethernet0/0 or MGT]
www.hillstonenet.com
CLI Access (1)
• Manage the device via CLI; only SSH is enabled by default
• Default management settings:
- Management Port: ethernet 0/0 or MGT
- SSH 192.168.1.1
- Username/password: hillstone
CLI Access (2)
• Access the device via console
• Default management settings:
- Baud rate 9600
- Username/password: hillstone
Virtualized Management
• In an EVE virtualized environment, the E0/0 management IP is assigned automatically.
• Use telnet to access the CLI, run show interface to see the interface IP, then use https to access the WebUI.
WebUI
WebUI Dashboard
WebUI System and Signature Database
WebUI Network Page
WebUI Policy Page
WebUI Monitor Page
System Management
System Administrator
• A default administrator named “hillstone” is bundled with the system with the default password “hillstone”. You can modify its settings (such as changing the password), but this admin account cannot be deleted.
Configure Admin Roles
System > Device Management > Admin Roles:
Configure System Administrator
System > Device Management > Administrators:
Trusted Host
• Trusted Host
- To enhance security, the device only allows trusted hosts to manage the system. The administrator can specify an IP range, and hosts in the specified range are trusted hosts.
- Create a new trusted host first, and then delete the default one.
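An added example (not part of the Hillstone training material) of the pre-check behind "create the new trusted host first, then delete the default one": it confirms that the admin's own address falls inside the new ranges before the default entry is removed, and flags ranges wider than a chosen limit. The range notations (`a.b.c.d/len` or `start-end`), the function names, the 256-address limit and all sample addresses are assumptions constructed for illustration, not StoneOS syntax.

```python
import ipaddress


def parse_range(spec):
    """Turn 'a.b.c.d/len' or 'start-end' into a list of ip_network objects.

    Both notations are assumed for this example; they are not StoneOS syntax.
    """
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        # Raises ValueError if last < first, TypeError on mixed IPv4/IPv6.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=False)]


def review_trusted_hosts(new_ranges, admin_ip, max_addresses=256):
    """Return (safe_to_delete_default, findings) for a proposed trusted-host list."""
    admin = ipaddress.ip_address(admin_ip)
    covered = False
    findings = []
    for spec in new_ranges:
        try:
            nets = parse_range(spec)
        except (ValueError, TypeError) as exc:
            findings.append(f"{spec}: invalid range ({exc})")
            continue
        size = sum(n.num_addresses for n in nets)
        if size > max_addresses:
            findings.append(f"{spec}: {size} addresses, wider than {max_addresses}")
        if any(admin in n for n in nets):
            covered = True
    if not covered:
        findings.append(
            f"{admin_ip} is outside every new range; deleting the default "
            "trusted host now would cut off this management session"
        )
    return covered, findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    proposed = ["10.10.5.0/28", "10.10.6.10-10.10.6.20"]
    for admin in ("10.10.6.15", "192.168.1.50"):
        ok, notes = review_trusted_hosts(proposed, admin)
        print(admin, "safe to delete default:", ok)
        for note in notes:
            print("  -", note)
```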
Management Interface
System > Device Management > Management Interface
System Time
System > Device Management > System Time
『Sync』 with local PC, manually configure, or sync with NTP server
3rd Party AAA Server Admin Authentication
System > Device Management > Option
• RADIUS and TACACS+ servers are supported for admin authentication
3rd Party AAA Server Authentication
System > Device Management > Option > System Setting
• RADIUS and TACACS+ servers can be used for device admin authentication. You can log in to the firewall with the account and password from the third-party AAA server and manage the firewall.
Configuration File Management
Configuration File Management
System > Configuration File Management
Restore to Factory Settings
Caution: Resetting your device will erase all configurations, including the settings that have been saved.
• CLI
- Command: unset all
• WebUI
- System > Configuration File Management > Backup Restore > 『Restore』
• CLR button (hard reset)
- The CLR button is in the pinhole on the device’s front panel. When the admin forgets the device’s password, it can be used to restore the device to factory defaults.
Configuration File Management
System > Current Configurations
Firmware Upgrade
StoneOS Upgrade
System > Upgrade Management
• Two copies of the system firmware can be stored on the device. The system backs up the firmware specified by the admin while a new StoneOS version is uploaded. The firmware can be switched between the two copies.
Signature Database Update
• Two update methods are supported: online update (the FW can access the Internet and a DNS server is configured) and local offline update
- update1.hillstonenet.com
- update2.hillstonenet.com
Device Booting Process
• When a device is powered on, the Bootloader tries to start StoneOS or Sysloader. The Sysloader is used to select an existing StoneOS in the system or to upgrade StoneOS via FTP, TFTP or the USB Host interface. Alternatively, you can upgrade the firmware in the WebUI after login.
License Management
All License Display
• The license page displays not only all licenses supported by this device, but also which licenses are installed and which are not installed
License Classes and Rules
• The platform license is the basis on which the other licenses operate. If the platform license is invalid, the other licenses are not effective. The device is pre-installed at the factory with a platform trial license for 15 days.
• You can install the platform license after the formal sale of the device. The license provides basic firewall and VPN functions.
Apply for a Trial License
• Step 1: Generate a license request
WebUI: System > License > Apply For, fill out the user information and click 『Generate』
• Step 2: Send the license request to Hillstone Regional Sales/SE (via email, or copy and paste it into the case description field)
An email as shown below will be sent from Hillstone if the application is approved and the license has been issued.
Copy the license code and install it on the device.
A license code starts with “license:” and ends with “==”.
Install a License from WebUI
• Step 3: Install the license
WebUI: Click System > License > Import, and select Manual input. Paste the license code here and then click 『Upload』. Alternatively, upload the license file.
Install a License via CLI
• Use the following command to install a license:
hostname# exec license install +license code
• The message “successfully install the license!” will be displayed in a few seconds.
• Reboot the device if needed to make the new license take effect.
Questions
1. Does the Hillstone firewall support a 3rd-party server as the admin authentication server? Which protocol is supported?
2. How many admin roles exist on the device by default, and what are they?
3. How many configuration files can be stored in StoneOS?
4. How do you restore the device to factory settings?
5. What is the difference between a trial license and a formal license once it has expired?
6. What is the address of the signature database update server?
7. How do you manage the device via the console interface?
8. How do you enable the access IP of the WAN interface?
Thanks