ZyXEL Communications USG40 User Manual page 843

Table 356 Configuration > System > WWW > Service Control (continued)
LABEL DESCRIPTION
Admin/User Service Admin Service Control specifies from which zones an administrator can use HTTP to
Control manage the ZyWALL/USG (using the Web Configurator). You can also specify the IP
addresses from which the administrators can manage the ZyWALL/USG.
User Service Control specifies from which zones a user can use HTTP to log into the
ZyWALL/USG (to log into SSL VPN for example). You can also specify the IP addresses
from which the users can access the ZyWALL/USG.
Add Click this to create a new entry. Select an entry and click Add to create a new entry
after the selected entry.
Edit Double-click an entry or select it and click Edit to be able to modify the entry's
settings.
Remove To remove an entry, select it and click Remove. The ZyWALL/USG confirms you want
to remove it before doing so. Note that subsequent entries move up by one when you
take this action.
Move To change an entry's position in the numbered list, select the method and click Move
to display a field to type a number for where you want to put it and press [ENTER] to
move the rule to the number that you typed.
# This is the index number of the service control rule.
The entry with a hyphen (-) instead of a number is the ZyWALL/USG's (non-
configurable) default policy. The ZyWALL/USG applies this to traffic that does not
match any other configured rule. It is not an editable rule. To apply other behavior,
configure a rule that traffic will match so the ZyWALL/USG will not have to use the
default policy.
Zone This is the zone on the ZyWALL/USG the user is allowed or denied to access.
Address This is the object name of the IP address(es) with which the computer is allowed or
denied to access.
Action This displays whether the computer with the IP address specified above can access
the ZyWALL/USG zone(s) configured in the Zone field (Accept) or not (Deny).
Authentication
Client Authentication Select a method the HTTPS or HTTP server uses to authenticate a client.
Method
You must have configured the authentication methods in the Auth. method screen.
Other When HTTPS Domain Filter blocks a page, the connection is redirected to a local web
server to display the blocking message. HSTS (HTTP Strict Transport Security) may
be acticated in some browsers as the browser cached certificate is different to the one
displayed by the local server. In this case, you cannot see a blocking warning
message.
Accessing a web page may require multiple connections to different sites to get all the
information in the web page. When there is a connection to a HTTPS website that
belongs to a blocked category, it is filtered, but you don't receive a warning page with
the option to continue. For example, you want to block www.google.com and issue a
Warn action. When you connect to www.google.com another connection to
pic.google.com is created to get the pictures on the google page. www.google.com
can display a warning page in your browser (and you can click 'Continue' to forward
the connection) but the connection to pic.google.com cannot display a 'Continue'
dialog, so parts of the google page will appear blank and will not display the related
picture content.
Enable Content Filter Use this field to have the ZyWALL/USG display a warning page instead of a blank
HTTPS Domain Filter page when an HTPPS connection is redirected.
Block/Warn Page
Block/Warn Page Port Use the default port number as displayed for the warning page. If you change it, the
new port number should be unique.
Chapter 43 System
ZyWALL/USG Series User's Guide
843