Filter
Top Products
Chapter 37 System
ZyWALL 110/310/1100 Series User’s Guide
456
37.7 WWW Overview
The following figure shows secure and insecure management of the ZyWALL coming in from the
WAN. HTTPS and SSH access are secure. HTTP and Telnet access are not secure.
Note: To allow the ZyWALL to be accessed from a specified computer using a service,
make sure you do not have a service control rule or to-ZyWALL firewall rule to
block that traffic.
•See To-ZyWALL Rules on page 266 for more on To-ZyWALL firewall rules.
To stop a service from accessing the ZyWALL, clear Enable in the corresponding service screen.
37.7.1 Service Access Limitations
A service cannot be used to access the ZyWALL when:
1 You have disabled that service in the corresponding screen.
2 The allowed IP address (address object) in the Service Control table does not match the client IP
address (the ZyWALL disallows the session).
3 The IP address (address object) in the Service Control table is not in the allowed zone or the
action is set to Deny.
4 There is a firewall rule that blocks it.
37.7.2 System Timeout
There is a lease timeout for administrators. The ZyWALL automatically logs you out if the
management session remains idle for longer than this timeout period. The management session
does not time out when a statistics screen is polling.
Each user is also forced to log in the ZyWALL for authentication again when the reauthentication
time expires.
You can change the timeout settings in the User/Group screens.
37.7.3 HTTPS
You can set the ZyWALL to use HTTP or HTTPS (HTTPS adds security) for Web Configurator
sessions. Specify which zones allow Web Configurator access and from which IP address the access
can come.
HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol
that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol
that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot
read the transferred data), authentication (one party can identify the other party) and data
integrity (you know if data has been changed).