Service Access Limitations; System Timeout; Https - ZyXEL Communications Unified Security Gateway ZyWALL 300 User Manual

Chapter 44 Service Control

44.1.1 Service Access Limitations

A service cannot be used to access the ZyWALL when:
1 You have disabled that service in the corresponding screen.
2 The allowed IP address (address object) in the Service Control table does not match the
client IP address (the ZyWALL disallows the session).
3 The IP address (address object) in the Service Control table is not in the allowed zone or
the action is set to Deny.
4 There is a firewall rule that blocks it.

44.1.2 System Timeout

There is a lease timeout for administrators. The ZyWALL automatically logs you out if the
management session remains idle for longer than this timeout period. The management session
does not time out when a statistics screen is polling.
Each user is also forced to log in the ZyWALL for authentication again when the
reauthentication time expires.
You can change the timeout settings in the User/Group screens.

44.2 HTTPS

You can set the ZyWALL to use HTTP or HTTPS (HTTPS adds security) for web
configurator sessions. Specify which zones allow web configurator access and from which IP
address the access can come.
HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web
protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-
level protocol that enables secure transactions of data by ensuring confidentiality (an
unauthorized party cannot read the transferred data), authentication (one party can identify the
other party) and data integrity (you know if data has been changed).
It relies upon certificates, public keys, and private keys (see
information).
HTTPS on the ZyWALL is used so that you can securely access the ZyWALL using the web
configurator. The SSL protocol specifies that the HTTPS server (the ZyWALL) must always
authenticate itself to the HTTPS client (the computer which requests the HTTPS connection
with the ZyWALL), whereas the HTTPS client only should authenticate itself when the
HTTPS server requires it to do so (select Authenticate Client Certificates in the WWW
screen). Authenticate Client Certificates is optional and if selected means the HTTPS client
must send the ZyWALL a certificate. You must apply for a certificate for the browser from a
CA that is a trusted CA on the ZyWALL.
Please refer to the following figure.
1 HTTPS connection requests from an SSL-aware web browser go to port 443 (by default)
on the ZyWALL's web server.
2 HTTP connection requests from a web browser go to port 80 (by default) on the
ZyWALL's web server.
588
Chapter 40 on page 545 for more
ZyWALL USG 300 User's Guide