Feeling locked out? Reset web access via CLI.admin | Friday, February 4th, 2011 | 1 Comment »
SonicWALL isn’t known for their CLI, and why would you really want to use it when you can easily administer the firewall from its web interface! Having access to the CLI can come in handy if you, for whatever reason, locked yourself out from web access. I will show you how you can reset/enable the web access below.
First, I want to show you that you have indeed locked yourself out from the WAN interface. Say, you’re trying to remote in and the firewall isn’t letting you.
Pay close attention to the mode on this screen on the top right hand corner. Currently I am in configuration mode, which means I have full access to make changes to the firewall. The only other mode is non-config, which is for viewing only. I’ll get into this more later.
Go ahead and click the configure button to access your X1 interface info.
What you’ll see here is that the X1 interface(WAN interface) does not have HTTP or HTTPS enabled for web management. Luckily though we have SSH enabled. So now you can easily SSH into your SonicWALL or, if you have physical access, you can console into the firewall.
For anyone that has never consoled into a SonicWALL before, well here it is! Here’s what it looks like!
Ok, so first we want to check the status of the X1(WAN) interface.
Notice that both http and https mgmt are disabled. You only need to enable one of them to have access to the firewall remotely.
Let’s go into configuration mode so we can make the changes.
Notice what’s happening here. It’s asking if I want to preempt the admin from “192.168.168.62”. The SonicWALL firewall’s only allow you to be in configuration mode at one time. Whether that is from SSH, Web or Console! So I go ahead and kick off the admin and take control of the firewall.
Enabling access to the X1(WAN) interface is very easy with just this one simple command!
Now let’s verify that the changes have been made.
Notice that HTTP MGMT is now enabled! HTTPS has not been enabled because we did not issue “https” in our command above.
Now let’s go back to the web interface and confirm that it is indeed enabled!
Remember I asked you earlier to pay attention to the top right hand corner? Notice how it has changed to Non-config mode! Also, remember what I said, only one type of access can have configuration mode. We took over configuration mode in our CLI session. So the web interface now indicates our change in status.
Now go ahead and click on configure button for the X1(WAN) interface so we can confirm HTTP access.
So there it is! Double confirmation! Once from the CLI and another from the Web interface!
Please let me know if you have any questions or comments!