Limitations and Precautions for Administrator

Hardware Requirements

Supported by all models.

License Requirements

The Administrator is not license-controlled.

Precautions

• The controls administrator permissions based on administrator roles. The role of an administrator determines the features that the administrator can configure. The level alone cannot determine the

  commands that can be executed by a CLI administrator. For example, the default level of A feature commands is level-2. If a level-2 administrator needs to configure A feature, the administrator must be assigned the role that has the permission to configure

  A feature. Otherwise, the level-2 administrator cannot execute the commands of feature A.

• If an administrator logs in using an account in user-name@domain-name format, the service-type administrator-access command must be run in domain-name to allow administrator access.
• After the password change function for administrators is enabled (manager-user password-modify enable), the device reads administrator passwords from the CF card, but not the configuration profile after restart. Administrators cannot restore their login passwords from the configuration profile. You must delete the manager-user password-modify enable command from the configuration file before performing the restoration operation. Therefore, you are advised to disable the function if no requirement is posed on regular password change. If the password change function is enabled, run the save command upon each password change to ensure password consistency between the database and the configuration profile.
• If the configuration file to be exported is used as the configuration file for the next startup of other devices and contains the administrator and manager-user password-modify enable configurations, you need to export the database in hda1:/uldb/ulsystem/ and then upload the database to the target device.
• Only the administrators whose service type is API can use northbound APIs. In addition, the security policy must be configured to permit traffic. For NETCONF, you can run the service-manage netconf permit command on the interface without configuring any security policy.
• The administrator of the root system can access the root system and all virtual systems through interfaces of the root system. The administrator of a virtual system can access the virtual system through an interface of the virtual system but cannot access the root system or other virtual systems.
• When you configure northbound interfaces for the USG6630E/6650E, USG6635E/6655E, USG6680E and USG6712E/6716E only one registration connection can be configured for NETCONF.
• When you configure northbound interfaces for the USG6630E/6650E, USG6635E/6655E, USG6680E and USG6712E/6716E the RESTCONF service supports only HTTPS mode.
• When you configure northbound interfaces for the USG6630E/6650E, USG6635E/6655E, USG6680E and USG6712E/6716E RESTCONF does not support the configuration of the session timeout duration.
• When the northbound API function is enabled, it is not recommended that the administrator log in to the device through the web UI or CLI to configure the device. Otherwise, the administrator and the northbound API user may deliver configurations at the same time, causing configuration inconsistency between the northbound API controller and device.

• Northbound Interface does not support IPv6.

• The IP address of the northbound interface cannot be on the following network segments: 192.168.0.0/24, 192.168.100.0/24, 169.254.100.0/24, and 169.254.215.0/24.
• In V600R007C20SPC300 and later versions, for the USG6500E/6600E/6700E (except USG6501E-C/6502E-C/6503E-C), after the administrator activates the license, the device reads customer name information from the license file and displays the customer name information in the upper right corner of the web page (only after the web page is refreshed), and login page (displayed when the administrator logs in again).