How can I restore the web management through CLI (SSH)?
12/20/2019
70
25278
DESCRIPTION:
How can I restore the web management through CLI (SSH)
RESOLUTION:
When the SSH management is enabled on the interface but HTTP/HTTPS are disabled.
If the SSH is enabled on the device and you need to recover the HTTP/HTTPS access, you can use an SSH terminal program to access the CLI interface of the device. One of the popular programs to use to access the SonicWall SSH shell is PuTTY.
- Bits per second: 115200
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow control: None

After getting connected to the SSH shell, the device will prompt you for username twice and then the password.
Let’s assume that on a NSA 2600 unit, the HTTP access on the LAN interface got disabled but the SSH was enabled. After getting in to the SSH shell just type in the below commands to recover the HTTP access.
Command to Enable Web Management port in interface
- For HTTP:
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
- For HTTPS:
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.
When the HTTP, HTTPS, and SSH access is disabled on the interface.
In this situation; you need to connect a serial cable on the console port of the unit. Please see Unable to Access Management Interface from the LAN for details.
Open up a HyperTerminal or any other terminal program that support serial communication and set the connections properties as shown below. The connection speed varies from device to device. Most support 115200, but a few of the older Gen 4 TZ models support 9600.
Let’s assume that on a NSA 2600 unit, all the management methods are disabled on the LAN interface. After connecting the serial cable between the computer and the unit, the following commands need to be executed:
- For HTTP and HTTPS
User:admin
Password:
admin@0017C516EB30>
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])# exit
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
When the SSH management is enabled on the interface but HTTP/HTTPS are disabled.
If the SSH is enabled on the device and you need to recover the HTTP/HTTPS access, you can use an SSH terminal program to access the CLI interface of the device. One of the popular programs to use to access the SonicWall SSH shell is PuTTY.
- Bits per second: 115200
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow control: None

After getting connected to the SSH shell, the device will prompt you for username twice and then the password.
Let’s assume that on a NSA 2600 unit, the HTTP access on the LAN interface got disabled but the SSH was enabled. After getting in to the SSH shell just type in the below commands to recover the HTTP access.
For (5.8 & below) and (6.1 & below) Firmware
- NSA 2600 Enhanced> conf
- (config[NSA 2600 Enhanced])> int x0 (int LAN, in case of TZ units)
- config[NSA 2600 Enhanced]-if[X0])>
- (config[NSA 2600 Enhanced]-if[X0])> management http enable
- (config[NSA 2600 Enhanced]-if[X0])> exit
- (config[NSA 2600 Enhanced])>
After executing these commands you should be able to access the HTTP on LAN/X0 interface.
For (5.9 & above) and (6.1 & above) Firmware
- For HTTP
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
- For HTTPS
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.
When the HTTP, HTTPS, and SSH access is disabled on the interface.
In this situation; you need to connect a serial cable on the console port of the unit. Please see Unable to Access Management Interface from the LAN for details.
Open up a HyperTerminal or any other terminal program that support serial communication and set the connections properties as shown below. The connection speed varies from device to device. Most support 115200, but a few of the older Gen 4 TZ models support 9600.
Let’s assume that on a NSA 2600 unit, all the management methods are disabled on the LAN interface. After connecting the serial cable between the computer and the unit, the following commands need to be executed:
- For (5.8 & below) and (6.1 & below) Firmware
User:admin
Password:
NSA 2600 Enhanced>
NSA 2600 Enhanced> conf
admin at GUI from 192.168.168.10 is editing.
Do you wish to preempt them [y/n]? y
(config[NSA 2600 Enhanced])> interface x0 <x0|x1|x2|x3|x4|x5>
(config[NSA 2600 Enhanced]-if[X0])>
(config[NSA 2600 Enhanced]-if[X0])> management http enable
(config[NSA 2600 Enhanced]-if[X0])> exit
(config[NSA 2600 Enhanced])>
After executing these commands you should be able to access the HTTP on LAN/X0 interface.
- For (5.9 & above) and (6.1 & above) Firmware
User:admin
Password:
admin@0017C516EB30>
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])# exit
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.