Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
  - Network Security ManagerModern Security Management for today’s security landscape
- Access Security
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
MANAGED SERVICES
Contact Sales

English English en

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Endpoint Security

Management and Reporting

Secure Mobile Access

Secure Wireless

How can I restore the web management through CLI (SSH)?

12/20/2019 66 23749

DESCRIPTION:

How can I restore the web management through CLI (SSH)

RESOLUTION:

When the SSH management is enabled on the interface but HTTP/HTTPS are disabled.

If the SSH is enabled on the device and you need to recover the HTTP/HTTPS access, you can use an SSH terminal program to access the CLI interface of the device. One of the popular programs to use to access the SonicWall SSH shell is PuTTY.

Bits per second: 115200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None

After getting connected to the SSH shell, the device will prompt you for username twice and then the password.

Let’s assume that on a NSA 2600 unit, the HTTP access on the LAN interface got disabled but the SSH was enabled. After getting in to the SSH shell just type in the below commands to recover the HTTP access.

Command to Enable Web Management port in interface

For HTTP:

admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#

For HTTPS:

admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#

After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.

When the HTTP, HTTPS, and SSH access is disabled on the interface.

In this situation; you need to connect a serial cable on the console port of the unit. Please see Unable to Access Management Interface from the LAN for details.

Open up a HyperTerminal or any other terminal program that support serial communication and set the connections properties as shown below. The connection speed varies from device to device. Most support 115200, but a few of the older Gen 4 TZ models support 9600.

Let’s assume that on a NSA 2600 unit, all the management methods are disabled on the LAN interface. After connecting the serial cable between the computer and the unit, the following commands need to be executed:

For HTTP and HTTPS

User:admin
Password:

admin@0017C516EB30>
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])# exit

config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#

After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

When the SSH management is enabled on the interface but HTTP/HTTPS are disabled.

If the SSH is enabled on the device and you need to recover the HTTP/HTTPS access, you can use an SSH terminal program to access the CLI interface of the device. One of the popular programs to use to access the SonicWall SSH shell is PuTTY.

Bits per second: 115200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None

After getting connected to the SSH shell, the device will prompt you for username twice and then the password.

Let’s assume that on a NSA 2600 unit, the HTTP access on the LAN interface got disabled but the SSH was enabled. After getting in to the SSH shell just type in the below commands to recover the HTTP access.

For (5.8 & below) and (6.1 & below) Firmware

NSA 2600 Enhanced> conf
(config[NSA 2600 Enhanced])> int x0 (int LAN, in case of TZ units)
config[NSA 2600 Enhanced]-if[X0])>
(config[NSA 2600 Enhanced]-if[X0])> management http enable
(config[NSA 2600 Enhanced]-if[X0])> exit
(config[NSA 2600 Enhanced])>

After executing these commands you should be able to access the HTTP on LAN/X0 interface.

For (5.9 & above) and (6.1 & above) Firmware

For HTTP

admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#
For HTTPS

admin@0017C516EB30> configure
config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#

After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.

When the HTTP, HTTPS, and SSH access is disabled on the interface.

In this situation; you need to connect a serial cable on the console port of the unit. Please see Unable to Access Management Interface from the LAN for details.

Open up a HyperTerminal or any other terminal program that support serial communication and set the connections properties as shown below. The connection speed varies from device to device. Most support 115200, but a few of the older Gen 4 TZ models support 9600.

Let’s assume that on a NSA 2600 unit, all the management methods are disabled on the LAN interface. After connecting the serial cable between the computer and the unit, the following commands need to be executed:

For (5.8 & below) and (6.1 & below) Firmware

User:admin
Password:
NSA 2600 Enhanced>
NSA 2600 Enhanced> conf
admin at GUI from 192.168.168.10 is editing.
Do you wish to preempt them [y/n]? y

(config[NSA 2600 Enhanced])> interface x0 <x0|x1|x2|x3|x4|x5>
(config[NSA 2600 Enhanced]-if[X0])>
(config[NSA 2600 Enhanced]-if[X0])> management http enable
(config[NSA 2600 Enhanced]-if[X0])> exit
(config[NSA 2600 Enhanced])>

After executing these commands you should be able to access the HTTP on LAN/X0 interface.

For (5.9 & above) and (6.1 & above) Firmware

User:admin
Password:

admin@0017C516EB30>
admin@0017C516EB30> configure
config(0017C516EB30)# interface x0

(edit-interface[X0])# management http
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])# exit

config(0017C516EB30)# interface x0
(edit-interface[X0])# management https
(edit-interface[X0])# commit
% Applying changes...
% Changes made.
(edit-interface[X0])#

After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.

Was This Article Helpful?

Not Finding Your Answer?

ASK THE COMMUNITY

Stay In Touch

Capture More

Fear Less