How can I restore the web management through CLI (SSH)?

08/17/2021 74 People found this article helpful 57,346 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

How can I restore the web management through CLI (SSH)

Resolution

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

When the SSH management is enabled on the interface but HTTP/HTTPS are disabled.

If the SSH is enabled on the device and you need to recover the HTTP/HTTPS access, you can use an SSH terminal program to access the CLI interface of the device. One of the popular programs to use to access the SonicWall SSH shell is PuTTY.

• Bits per second: 115200
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
  

After getting connected to the SSH shell, the device will prompt you for username twice and then the password. 

Let’s assume that on a NSA 2600 unit, the HTTP access on the LAN interface got disabled but the SSH was enabled. After getting in to the SSH shell just type in the below commands to recover the HTTP access.

Command to Enable Web Management port in interface

• For HTTP:
  
  admin@0017C516EB30> configure
  config(0017C516EB30)# interface x0
   (edit-interface[X0])# management http
  (edit-interface[X0])# commit
  % Applying changes...
  % Changes made.
  (edit-interface[X0])#

• For HTTPS:
  
  admin@0017C516EB30> configure
  config(0017C516EB30)# interface x0
   (edit-interface[X0])# management https
  (edit-interface[X0])# commit
  % Applying changes...
  % Changes made.
  (edit-interface[X0])#

After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.

 When the HTTP, HTTPS, and SSH access is disabled on the interface.

In this situation; you need to connect a serial cable on the console port of the unit. Please see Unable to Access Management Interface from the LAN for details.

Open up a HyperTerminal or any other terminal program that support serial communication and set the connections properties as shown below. The connection speed varies from device to device. Most support 115200, but a few of the older Gen 4 TZ models support 9600.

Let’s assume that on a NSA 2600 unit, all the management methods are disabled on the LAN interface. After connecting the serial cable between the computer and the unit, the following commands need to be executed:

• For HTTP and HTTPS
  
  User:admin 
  Password:       
  
  admin@0017C516EB30>
  admin@0017C516EB30> configure
  config(0017C516EB30)# interface x0
   (edit-interface[X0])# management http
  (edit-interface[X0])# commit
  % Applying changes...
  % Changes made.
  (edit-interface[X0])# exit
  
  config(0017C516EB30)# interface x0
   (edit-interface[X0])# management https
  (edit-interface[X0])# commit
  % Applying changes...
  % Changes made.
  (edit-interface[X0])#

After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

When the SSH management is enabled on the interface but HTTP/HTTPS are disabled.

If the SSH is enabled on the device and you need to recover the HTTP/HTTPS access, you can use an SSH terminal program to access the CLI interface of the device. One of the popular programs to use to access the SonicWall SSH shell is PuTTY.

• Bits per second: 115200
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
  

After getting connected to the SSH shell, the device will prompt you for username twice and then the password. 

Let’s assume that on a NSA 2600 unit, the HTTP access on the LAN interface got disabled but the SSH was enabled. After getting in to the SSH shell just type in the below commands to recover the HTTP access.

For (5.8 & below) and (6.1 & below) Firmware

• NSA 2600 Enhanced> conf
• (config[NSA 2600 Enhanced])> int x0   (int LAN, in case of TZ units)
• config[NSA 2600 Enhanced]-if[X0])>
• (config[NSA 2600 Enhanced]-if[X0])> management http enable
• (config[NSA 2600 Enhanced]-if[X0])> exit
• (config[NSA 2600 Enhanced])>
  
  After executing these commands you should be able to access the HTTP on LAN/X0 interface.

For (5.9 & above) and (6.1 & above) Firmware

• For HTTP
  
  admin@0017C516EB30> configure
  config(0017C516EB30)# interface x0
   (edit-interface[X0])# management http
  (edit-interface[X0])# commit
  % Applying changes...
  % Changes made.
  (edit-interface[X0])#
  
  
• For HTTPS
  
  admin@0017C516EB30> configure
  config(0017C516EB30)# interface x0
   (edit-interface[X0])# management https
  (edit-interface[X0])# commit
  % Applying changes...
  % Changes made.
  (edit-interface[X0])#

After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.

When the HTTP, HTTPS, and SSH access is disabled on the interface.

In this situation; you need to connect a serial cable on the console port of the unit. Please see Unable to Access Management Interface from the LAN for details.

Open up a HyperTerminal or any other terminal program that support serial communication and set the connections properties as shown below. The connection speed varies from device to device. Most support 115200, but a few of the older Gen 4 TZ models support 9600.

Let’s assume that on a NSA 2600 unit, all the management methods are disabled on the LAN interface. After connecting the serial cable between the computer and the unit, the following commands need to be executed:

• For (5.8 & below) and (6.1 & below) Firmware
  
  User:admin
  Password:
  NSA 2600 Enhanced>
  NSA 2600 Enhanced> conf
  admin at GUI from 192.168.168.10 is editing.
  Do you wish to preempt them [y/n]? y 
  
  (config[NSA 2600 Enhanced])> interface x0 <x0|x1|x2|x3|x4|x5>
  (config[NSA 2600 Enhanced]-if[X0])>
  (config[NSA 2600 Enhanced]-if[X0])> management http enable
  (config[NSA 2600 Enhanced]-if[X0])> exit
  (config[NSA 2600 Enhanced])>

After executing these commands you should be able to access the HTTP on LAN/X0 interface.

• For (5.9 & above) and (6.1 & above) Firmware
  
  User:admin
  Password:       
  
  admin@0017C516EB30>
  admin@0017C516EB30> configure
  config(0017C516EB30)# interface x0
  
   (edit-interface[X0])# management http
  (edit-interface[X0])# commit
  % Applying changes...
  % Changes made.
  (edit-interface[X0])# exit
  
  config(0017C516EB30)# interface x0
   (edit-interface[X0])# management https
  (edit-interface[X0])# commit
  % Applying changes...
  % Changes made.
  (edit-interface[X0])#

After executing these commands you should be able to access the HTTP & HTTPS on LAN/X0 interface.

Related Articles

• How to Create Gen 7 Settings File by Using the Online Migration Tool
• DNS Resolution of Wildcard FQDN Address Objects
• All associated wildcard FQDN IP addresses do not display in the web browser

Categories

• Firewalls > NSa Series > Command Line Interface
• Firewalls > NSv Series > Command Line Interface
• Firewalls > TZ Series > Command Line Interface - CLI