Remote Management Limitations; System Timeout; Www (Http And Https) - ZyXEL Communications ZYWALL P1 User Manual

Chapter 18 Remote Management
3 HTTPS and HTTP

18.1.1 Remote Management Limitations

Remote management does not work when:
1 You have not enabled that service on the interface in the corresponding remote
management screen.
2 The IP address in the Secure Client IP Address field does not match the client IP
address. If it does not match, the ZyWALL disconnects the session immediately.
3 There is already another remote management session with an equal or higher priority
running. You may only have one remote management session running at one time.
4 There is a firewall rule that blocks it.
5 A filter is applied (through the commands) to block a Telnet, FTP or Web service.

18.1.2 System Timeout

There is a default system management idle timeout of five minutes (three hundred seconds).
The ZyWALL automatically logs you out if the management session remains idle for longer
than this timeout period. The management session does not time out when a statistics screen is
polling. You can change the timeout period in the MAINTENANCE > General screen (see
Section 23.3 on page

18.2 WWW (HTTP and HTTPS)

You can set the ZyWALL to use HTTP or HTTPS (HTTPS adds security) for web
configurator sessions. Specify which interfaces allow web configurator access and from which
IP address the access can come.
HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web
protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-
level protocol that enables secure transactions of data by ensuring confidentiality (an
unauthorized party cannot read the transferred data), authentication (one party can identify the
other party) and data integrity (you know if data has been changed).
It relies upon certificates, public keys, and private keys (see
information).
HTTPS on the ZyWALL is used so that you may securely access the ZyWALL using the web
configurator. The SSL protocol specifies that the SSL server (the ZyWALL) must always
authenticate itself to the SSL client (the computer which requests the HTTPS connection with
the ZyWALL), whereas the SSL client only should authenticate itself when the SSL server
requires it to do so (select Authenticate Client Certificates in the REMOTE MGMT >
WWW screen). Authenticate Client Certificates is optional and if selected means the SSL-
client must send the ZyWALL a certificate. You must apply for a certificate for the browser
from a CA that is a trusted CA on the ZyWALL.
Please refer to the following figure.
1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default)
on the ZyWALL's WS (web server).
292
365).
Chapter 14 on page 239 for more
ZyWALL P1 User's Guide