How can I restore the web management through CLI (SSH)?
08/17/2021 
73 
26432
DESCRIPTION:
How can I restore the web management through CLI (SSH)
RESOLUTION:
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
When the SSH management is enabled on the interface but HTTP/HTTPS are disabled.
If the SSH is enabled on the device and you need to recover the HTTP/HTTPS access, you can use an SSH terminal program to access the CLI interface of the device. One of the popular programs to use to access the SonicWall SSH shell is PuTTY.
- Bits per second: 115200
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow control: None
After getting connected to the SSH shell, the device will prompt you for username twice and then the password.
Let’s assume that on a NSA 2600 unit, the HTTP access on the LAN interface got disabled but the SSH was enabled. After getting in to the SSH shell just type in the below commands to recover the HTTP access.
Command to Enable Web Management port in interface
- For HTTP:
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
- For HTTPS:
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.
When the HTTP, HTTPS, and SSH access is disabled on the interface.
In this situation; you need to connect a serial cable on the console port of the unit. Please see Unable to Access Management Interface from the LAN for details.
Open up a HyperTerminal or any other terminal program that support serial communication and set the connections properties as shown below. The connection speed varies from device to device. Most support 115200, but a few of the older Gen 4 TZ models support 9600.
Let’s assume that on a NSA 2600 unit, all the management methods are disabled on the LAN interface. After connecting the serial cable between the computer and the unit, the following commands need to be executed:
- For HTTP and HTTPS
User:admin
Password:
admin@0017C516EB30>
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])# exit
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
When the SSH management is enabled on the interface but HTTP/HTTPS are disabled.
If the SSH is enabled on the device and you need to recover the HTTP/HTTPS access, you can use an SSH terminal program to access the CLI interface of the device. One of the popular programs to use to access the SonicWall SSH shell is PuTTY.
- Bits per second: 115200
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow control: None
After getting connected to the SSH shell, the device will prompt you for username twice and then the password.
Let’s assume that on a NSA 2600 unit, the HTTP access on the LAN interface got disabled but the SSH was enabled. After getting in to the SSH shell just type in the below commands to recover the HTTP access.
For (5.8 & below) and (6.1 & below) Firmware
- NSA 2600 Enhanced> conf
- (config[NSA 2600 Enhanced])> int x0 (int LAN, in case of TZ units)
- config[NSA 2600 Enhanced]-if[X0])>
- (config[NSA 2600 Enhanced]-if[X0])> management http enable
- (config[NSA 2600 Enhanced]-if[X0])> exit
- (config[NSA 2600 Enhanced])>
After executing these commands you should be able to access the HTTP on LAN/X0 interface.
For (5.9 & above) and (6.1 & above) Firmware
- For HTTP
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
- For HTTPS
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.
When the HTTP, HTTPS, and SSH access is disabled on the interface.
In this situation; you need to connect a serial cable on the console port of the unit. Please see Unable to Access Management Interface from the LAN for details.
Open up a HyperTerminal or any other terminal program that support serial communication and set the connections properties as shown below. The connection speed varies from device to device. Most support 115200, but a few of the older Gen 4 TZ models support 9600.
Let’s assume that on a NSA 2600 unit, all the management methods are disabled on the LAN interface. After connecting the serial cable between the computer and the unit, the following commands need to be executed:
- For (5.8 & below) and (6.1 & below) Firmware
User:admin
Password:
NSA 2600 Enhanced>
NSA 2600 Enhanced> conf
admin at GUI from 192.168.168.10 is editing.
Do you wish to preempt them [y/n]? y
(config[NSA 2600 Enhanced])> interface x0 <x0|x1|x2|x3|x4|x5>
(config[NSA 2600 Enhanced]-if[X0])>
(config[NSA 2600 Enhanced]-if[X0])> management http enable
(config[NSA 2600 Enhanced]-if[X0])> exit
(config[NSA 2600 Enhanced])>
After executing these commands you should be able to access the HTTP on LAN/X0 interface.
- For (5.9 & above) and (6.1 & above) Firmware
User:admin
Password:
admin@0017C516EB30>
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])# exit
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Email SecurityProtect against today’s advanced email threats
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
