ZyXEL Communications ZyWALL USG 300 User Manual page 666

Chapter 45 System
Table 240 System > WWW > Service Control (continued)
LABEL
Server Port
Authenticate
Client
Certificates
Server
Certificate
Redirect HTTP
to HTTPS
Admin/User
Service Control
#
Zone
Address
Action
Add icon
HTTP
Enable
Server Port
Admin/User
Service Control
666
DESCRIPTION
The HTTPS server listens on port 443 by default. If you change the HTTPS server
port to a different number on the ZyWALL, for example 8443, then you must notify
people who need to access the ZyWALL Web Configurator to use "https://ZyWALL
IP Address:8443" as the URL.
Select Authenticate Client Certificates (optional) to require the SSL client to
authenticate itself to the ZyWALL by sending the ZyWALL a certificate. To do that
the SSL client must have a CA-signed certificate from a CA that has been imported
as a trusted CA on the ZyWALL (see
certificates for details).
Select a certificate the HTTPS server (the ZyWALL) uses to authenticate itself to
the HTTPS client. You must have certificates already configured in the My
Certificates screen.
To allow only secure Web Configurator access, select this to redirect all HTTP
connection requests to the HTTPS server.
Admin Service Control specifies from which zones an administrator can use
HTTPS to manage the ZyWALL (using the Web Configurator). You can also specify
the IP addresses from which the administrators can manage the ZyWALL.
User Service Control specifies from which zones a user can use HTTPS to log into
the ZyWALL (to log into SSL VPN for example). You can also specify the IP
addresses from which the users can access the ZyWALL.
This is the index number of the service control rule.
The entry with a hyphen (-) instead of a number is the ZyWALL's (non-configurable)
default policy. The ZyWALL applies this to traffic that does not match any other
configured rule. It is not an editable rule. To apply other behavior, configure a rule
that traffic will match so the ZyWALL will not have to use the default policy.
This is the zone on the ZyWALL the user is allowed or denied to access.
This is the object name of the IP address(es) with which the computer is allowed or
denied to access.
This displays whether the computer with the IP address specified above can access
the ZyWALL zone(s) configured in the Zone field (Accept) or not (Deny).
Click the Add icon in the heading row to open a screen where you can add a new
rule. Refer to Table 241 on page 668
Click the Edit icon to go to the screen where you can edit the rule.
Click the Add icon in an entry to add a rule below the current entry.
Click the Delete icon to remove an existing rule. A window display asking you to
confirm that you want to delete the rule. Note that subsequent rules move up by one
when you take this action.
Click the Move to N icon to display a field to type a number for where you want to
put that rule and press [ENTER] to move the rule to the number that you typed.
Select the check box to allow or disallow the computer with the IP address that
matches the IP address(es) in the Service Control table to access the ZyWALL
Web Configurator using HTTP connections.
You may change the server port number for a service if needed, however you must
use the same port number in order to use that service to access the ZyWALL.
Admin Service Control specifies from which zones an administrator can use HTTP
to manage the ZyWALL (using the Web Configurator). You can also specify the IP
addresses from which the administrators can manage the ZyWALL.
User Service Control specifies from which zones a user can use HTTP to log into
the ZyWALL (to log into SSL VPN for example). You can also specify the IP
addresses from which the users can access the ZyWALL.
Section 45.6.7.5 on page 673
for information on the fields.
ZyWALL USG 300 User's Guide
on importing