Chapter 50 System

It relies upon certificates, public keys, and private keys (see Chapter 46 on page

739for more information).

HTTPS on the ZyWALL is used so that you can securely access the ZyWALL using the Web Configurator. The SSL protocol specifies that the HTTPS server (the ZyWALL) must always authenticate itself to the HTTPS client (the computer which requests the HTTPS connection with the ZyWALL), whereas the HTTPS client only should authenticate itself when the HTTPS server requires it to do so (select Authenticate Client Certificates in the WWW screen). Authenticate Client Certificates is optional and if selected means the HTTPS client must send the ZyWALL a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the ZyWALL.

Please refer to the following figure.

1HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the ZyWALL’s web server.

2HTTP connection requests from a web browser go to port 80 (by default) on the ZyWALL’s web server.

Figure 519 HTTP/HTTPS Implementation

Note: If you disable HTTP in the WWW screen, then the ZyWALL blocks all HTTP connection attempts.

50.6.4 Configuring WWW Service Control

Click Configuration > System > WWW to open the WWW screen. Use this screen to specify from which zones you can access the ZyWALL using HTTP or HTTPS. You can also specify which IP addresses the access can come from.

 

799

ZyWALL USG 2000 User’s Guide