Chapter 24 System
USG FLEX H Series User’s Guide
transferred data), authentication (one party can identify the other party) and data integrity (you know if
data has been changed).
It relies upon certificates, public keys, and private keys.
HTTPS on the Zyxel Device is used so that you can securely access the Zyxel Device using the Web
Configurator. The SSL protocol specifies that the HTTPS server (the Zyxel Device) must always
authenticate itself to the HTTPS client (the computer which requests the HTTPS connection with the Zyxel
Device), whereas the HTTPS client needs to authenticate itself only when the HTTPS server requires it to
do so (enable Authenticate Client Certificates in the Administration Settings screen). Authenticate Client
Certificates is optional; if it is selected, the HTTPS client must send the Zyxel Device a certificate.
You must apply for a certificate for the browser from a CA that is a trusted CA on the Zyxel Device.
Please refer to the following figure.
1. HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Zyxel
   Device’s web server.
2. HTTP connection requests from a web browser go to port 80 (by default) on the Zyxel Device’s web
   server.
Figure 216 HTTP/HTTPS Implementation
Note: If you disable HTTP in the Administration Settings screen, then the Zyxel Device blocks all
HTTP connection attempts.
SSH
You can use SSH (Secure SHell) to securely access the Zyxel Device’s command line interface.
SSH is a secure communication protocol that combines authentication and data encryption to provide
secure encrypted communication between two hosts over an unsecured network. In the following
figure, computer A on the Internet uses SSH to securely connect to the WAN port of the Zyxel Device for
a management session.
Note: To allow an SSH connection to the Zyxel Device, add SSH to the Object > Service >
Service Group > Default_Allow_WAN_To_ZyWALL service group, which defines the
default services allowed in the WAN_to_Device security policy.
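
To confirm from a management workstation that the services described above are exposed as intended (HTTP blocked once it is disabled in Administration Settings, SSH reachable only where the WAN service group allows it), a check like the following can be run against your own device. It is an added example, not part of the Zyxel guide: the `probe` and `audit` names, the policy values and SSH port 22 are assumptions, while ports 80 and 443 are the defaults stated above.

```python
import socket
import sys

# Default ports: 80 and 443 are the defaults named in the guide; 22 is the
# standard SSH port and is an assumption here (adjust if changed on the device).
DEFAULT_PORTS = {"http": 80, "https": 443, "ssh": 22}
# Intended state as seen from this vantage point (assumed policy for the example):
# HTTP disabled, HTTPS enabled, SSH not allowed from here.
POLICY = {"http": False, "https": True, "ssh": False}

def probe(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'refused' (RST) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeouts, unreachable host or network
        return "filtered"

def audit(host, ports=DEFAULT_PORTS, policy=POLICY, timeout=3.0):
    """Return (service, port, state) for every service whose reachability
    differs from the intended policy; an empty list means the policy holds."""
    findings = []
    for service, should_be_open in policy.items():
        state = probe(host, ports[service], timeout)
        if (state == "open") != should_be_open:
            findings.append((service, ports[service], state))
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: mgmt_audit.py <device-address>")
    problems = audit(sys.argv[1])
    for service, port, state in problems:
        print(f"MISMATCH {service} tcp/{port}: {state}")
    sys.exit(1 if problems else 0)
```

Run it once from a host on the WAN side and once from the LAN, with a policy that matches what each side is supposed to reach.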