ZyXEL Communications ZyWALL5UTM 4.0 27.2 Introduction to HTTPS, 27.1.2System Timeout, WWW, System, REMOTE MGMT, Secure Client IP Address, Authenticate Client Certificates

ZyWALL 5/35/70 Series User’s Guide

1A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service.

2You have disabled that service in one of the remote management screens.

3The IP address in the Secure Client IP Address field does not match the client IP address. If it does not match, the ZyWALL will disconnect the session immediately.

4There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time.

5There is a firewall rule that blocks it.

27.1.2System Timeout

There is a default system management idle timeout of five minutes (three hundred seconds). The ZyWALL automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. You can change the timeout period in the System screen.

27.2 Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application- level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed).

It relies upon certificates, public keys, and private keys (see Chapter 20 on page 338 for more information).

HTTPS on the ZyWALL is used so that you may securely access the ZyWALL using the web configurator. The SSL protocol specifies that the SSL server (the ZyWALL) must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the ZyWALL), whereas the SSL client only should authenticate itself when the SSL server requires it to do so (select Authenticate Client Certificates in the REMOTE MGMT,

WWWscreen). Authenticate Client Certificates is optional and if selected means the SSL- client must send the ZyWALL a certificate. You must apply for a certificate for the browser from a CA that is a trusted CA on the ZyWALL.

Please refer to the following figure.

1HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the ZyWALL’s WS (web server).

2HTTP connection requests from a web browser go to port 80 (by default) on the ZyWALL’s WS (web server).