Customer cannot log in to a USG2200 running a configuration file from another USG2200

Publication Date: 2014-06-29
Issue Description
After the customer imports the configuration file, he can no longer log in to the administrator account (with either the default password or the one I configured).
Alarm Information
Handling Process
First, check whether the account or password was entered incorrectly. After confirming with the customer, both the account and password are correct: they can use them to log in to the old firewall, which has the same configuration file, and they tried again and again.

Second, check whether the account is on the AD server or RADIUS server. According to the account configuration on the device, the accounts are local to the firewall, as follows:
local-user password-modify enable
local-user admin password cipher %$%$$9yYW8x%YKBz('RasR{P,kbY%$%$
local-user admin service-type web terminal telnet ssh
local-user admin level 15
authentication-scheme default

But at the same time, I found a special command on the firewall: "local-user password-modify enable".

After this command is configured, the customer must change the password at the first login to the firewall, for security, and this state is saved on the SD card. Because the configuration was exported from another firewall, the state on the SD card is not correct. After deleting this command from the configuration file and restarting the firewall with the modified configuration file, the customer can log in with the old account and password.
Root Cause
According to the information in the customer's feedback, the possible reasons are:
(1) The account or password may be incorrect.
(2) The accounts are not on the firewall but on a server, such as an AD server or RADIUS server.
(3) Some special configuration causes this.
In special situations, such as using another device's configuration, pay attention to special configuration: this command needs to be deleted if it is configured.
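A pre-import check for the situation described above, as an added example that is not part of the original case or of any Huawei tooling: it scans a configuration file exported from another firewall, strips "local-user password-modify enable", and reports which local accounts the command would have affected. The function name audit_config, the report fields and the sample text (with a placeholder instead of the real cipher string) are constructed for illustration.

```python
import re

# Constructed sample: the fragment from this case, cipher replaced by a placeholder.
SAMPLE_CONFIG = """\
local-user password-modify enable
local-user admin password cipher <cipher-placeholder>
local-user admin service-type web terminal telnet ssh
local-user admin level 15
authentication-scheme default
"""

# The command whose first-login state is stored on the device's SD card.
DEVICE_STATE_CMD = "local-user password-modify enable"
USER_LINE = re.compile(
    r"^\s*local-user\s+(\S+)\s+(password|service-type|level)\b\s*(.*)$")


def audit_config(text):
    """Return (cleaned_text, report) for a config exported from another device."""
    users, kept, removed_at = {}, [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip() == DEVICE_STATE_CMD:
            removed_at.append(lineno)      # drop it, remember where it was
            continue
        kept.append(line)
        m = USER_LINE.match(line)
        if not m:
            continue
        name, key, value = m.groups()
        entry = users.setdefault(
            name, {"services": [], "level": None, "has_password": False})
        if key == "service-type":
            entry["services"] = value.split()
        elif key == "level":
            entry["level"] = int(value) if value.isdigit() else None
        else:
            entry["has_password"] = True
    report = {
        "removed_lines": removed_at,
        "local_users": users,
        # Local accounts plus the forced-change command: the lockout in this case.
        "lockout_risk": bool(removed_at) and bool(users),
    }
    return "\n".join(kept) + "\n", report


if __name__ == "__main__":
    cleaned, report = audit_config(SAMPLE_CONFIG)
    print(report)
    print(cleaned, end="")
```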