FAQ About Administrator

This section describes FAQs related to administrator login.

When the FW Is Connected to the Network at Layer 2 in Transparent Mode, How Can I Log In to the Device Through Service Interfaces?

Add the layer-2 interface (service interface) to the VLAN and log in to the device through interface VLANIF. For example, the two service interfaces are GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2. The configurations are as follows:

# Create a VLAN and add the interfaces to the VLAN. By default, the interfaces belong to VLAN1.

<FW> system-view
[FW] vlan 2
[FW-vlan-2] quit
[FW] interface GigabitEthernet 0/0/1
[FW-GigabitEthernet0/0/1] portswitch
[FW-GigabitEthernet0/0/1] port link-type access
[FW-GigabitEthernet0/0/1] port default vlan 2
[FW-GigabitEthernet0/0/1] quit
[FW] interface GigabitEthernet 0/0/2
[FW-GigabitEthernet0/0/2] portswitch
[FW-GigabitEthernet0/0/2] port link-type access
[FW-GigabitEthernet0/0/2] port default vlan 2
[FW-GigabitEthernet0/0/2] quit

# Configure the VLANIF interfaces.

[FW] interface vlanif 2
[FW-Vlanif2] ip address 10.1.3.1 24
[FW-Vlanif2] service-manage enable
[FW-Vlanif2] service-manage ssh permit
[FW-Vlanif2] service-manage https permit
[FW-Vlanif2] quit
[FW] firewall zone trust
[FW-zone-trust] add interface vlanif 2
[FW-zone-trust] quit

# Configure a security policy from the Trust zone, where the VLANIF interfaces reside, to the Local zone.

[FW] security-policy
[FW-policy-security] rule name policy_sec
[FW-policy-security-rule-policy_sec] source-zone trust
[FW-policy-security-rule-policy_sec] destination-zone local
[FW-policy-security-rule-policy_sec] action permit
[FW-policy-security-rule-policy_sec] quit
[FW-policy-security] quit

Why Does Not the Administrator of a Specific Level (Such as Level 1) Have the Permission to Execute the Command of the Same Level?

The administrator whose level is higher than or equal to the level of a command can identify the command but may not be able to run the command.

When the rights- and domain-based control function is enabled (undo role-switch command close exclude audit-admin), the commands of a certain level can be executed only when the following two conditions are met:

The level of the administrator is higher than or equal to the command level.
The role of the administrator has the permission on the command module (feature to which the command belongs).

What Are the System Users of Equipments?

Table System user accounts describes the system user accounts.

**Table 1** System user accounts
Account Name	Purpose	Login Allowed	Default Password	Password Change Method
root	Linux root account	Not supported	None	The password cannot be changed.
nobody	Default Anonymous Account	Not supported	None	The password cannot be changed.
systemd-timesync Only the USG6510E/6510E-POE, USG6530E, USG6515E/6550E/6560E/6580E, and USG6525E/6555E/6565E/6575E-B/6585E/6605E-B has this account.	Account for running the systemd process	Not supported	None	The password cannot be changed.
systemd-network Only the USG6510E/6510E-POE, USG6530E, USG6515E/6550E/6560E/6580E, and USG6525E/6555E/6565E/6575E-B/6585E/6605E-B has this account.	Account for running the systemd process	Not supported	None	The password cannot be changed.
systemd-resolve Only the USG6510E/6510E-POE, USG6530E, USG6515E/6550E/6560E/6580E, and USG6525E/6555E/6565E/6575E-B/6585E/6605E-B has this account.	Account for running the systemd process	Not supported	None	The password cannot be changed.
sshd	Account used to run the sshd service	Not supported	None	The password cannot be changed.