Service Control Rules - ZyXEL Communications ZyWall ATP series User Manual

Table 311 Configuration > System > WWW > Service Control (continued)
LABEL
Edit
Remove
Move
#
Zone
Address
Action
Authentication
Client Authentication
Method
Other
Enable Content Filter
HTTPS Domain Filter
Block/Warn Page
Block/Warn Page Port
Apply
Reset

37.7.5 Service Control Rules

Click Add or Edit in the Service Control table in a WWW, SSH, Telnet, FTP or SNMP screen to add a service
control rule.
Chapter 37 System
DESCRIPTION
Double-click an entry or select it and click Edit to be able to modify the entry's settings.
To remove an entry, select it and click Remove. The Zyxel Device confirms you want to
remove it before doing so. Note that subsequent entries move up by one when you take
this action.
To change an entry's position in the numbered list, select the method and click Move to
display a field to type a number for where you want to put it and press [ENTER] to move
the rule to the number that you typed.
This is the index number of the service control rule.
The entry with a hyphen (-) instead of a number is the Zyxel Device's (non-configurable)
default policy. The Zyxel Device applies this to traffic that does not match any other
configured rule. It is not an editable rule. To apply other behavior, configure a rule that
traffic will match so the Zyxel Device will not have to use the default policy.
This is the zone on the Zyxel Device the user is allowed or denied to access.
This is the object name of the IP address(es) with which the computer is allowed or denied
to access.
This displays whether the computer with the IP address specified above can access the
Zyxel Device zone(s) configured in the Zone field (Accept) or not (Deny).
Select a method the HTTPS or HTTP server uses to authenticate a client.
You must have configured the authentication methods in the Auth. method screen.
When HTTPS Domain Filter blocks a page, the connection is redirected to a local web
server to display the blocking message. HSTS (HTTP Strict Transport Security) may be
activated in some browsers as the browser cached certificate is different to the one
displayed by the local server. In this case, you cannot see a blocking warning message.
Accessing a web page may require multiple connections to different sites to get all the
information in the web page. When there is a connection to a HTTPS website that belongs
to a blocked category, it is filtered, but you don't receive a warning page with the option
to continue. For example, you want to block www.google.com and issue a Warn action.
When you connect to www.google.com another connection to pic.google.com is
created to get the pictures on the Google page. www.google.com can display a
warning page in your browser (and you can click 'Continue' to forward the connection)
but the connection to pic.google.com cannot display a 'Continue' dialog, so parts of the
Google page will appear blank and will not display the related picture content.
Use this field to have the Zyxel Device display a warning page instead of a blank page
when an HTPPS connection is redirected.
Use the default port number as displayed for the warning page. If you change it, the new
port number should be unique.
Click Apply to save your changes back to the Zyxel Device.
Click Reset to return the screen to its last-saved settings.
ZyWALL ATP Series User's Guide
710