Chapter 30 Cloud CNM
ZyWALL Series CLI Reference Guide
243
• Create four types of administrators with different privileges
• Perform Site-to-Site, Hub & Spoke, Fully-meshed and Remote Access VPN provisioning.
To allow Cloud CNM SecuManager management of your Zyxel Device:
• You must have a Cloud CNM SecuManager license with a CNM ID number or a Cloud CNM
SecuManager server URL.
• The Zyxel Device must be able to communicate with the Cloud CNM SecuManager server.
You must configure SecuManager to allow the Zyxel Device to find the Cloud CNM SecuManager
server.
30.2.1 Introduction to XMPP
The eXtensible Messaging and Presence Protocol (XMPP) allows the Zyxel Device to contact managed devices
that normally cannot be contacted directly because they are behind a NAT or firewall-enabled gateway.
The managed devices must be able to establish a secure and authenticated connection to an XMPP
Server and must be able to maintain a connection to an XMPP Server through which the XMPP Server
can send unsolicited messages from a defined set of allowed addresses (Zyxel Device servers). This is
defined in RFC 6120.
The general procedure for XMPP to issue a Connection Request to a managed device is as follows:
1 Zyxel Device establishes a connection to an XMPP Server.
2 The device establishes an XMPP connection to the specified XMPP Server.
3 Whenever Zyxel Device wishes to establish a connection to the device, it can send an XMPP
Connection Request specifying the ‘to’ address that matches the device where the Connection
Request needs to be sent and a ‘from’ address that matches one of the allowed Zyxel Device addresses
in the XMPP Server.
4 The XMPP Server sends the request to the appropriate device.
Note: There could be multiple XMPP Servers depending on the deployment.
30.2.1.1 Zyxel Device Requirements for XMPP
Both Zyxel Device and the managed device must meet these requirements:
• They must be able to determine the public IP address of the XMPP Server.
• They must be able to open an XML Stream to the XMPP Server and accept an XML Stream from the
XMPP Server. XML Streams are unidirectional and this XMPP Connection Request mechanism requires
the use of two XML Streams over a single TCP connection.
• They must be able to use Transport Layer Security (TLS) to establish an encrypted and secure TCP
connection with the XMPP Server.
• They must be able to use Simple Authentication and Security Layer (SASL) to authenticate with the
XMPP Server. A Username and Password are used as the credentials for the SASL authentication
procedure.
• They must be able to reestablish the connection to the XMPP Server if the connection is lost.
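The following Python model, added here as an illustration and not code from the guide or from Zyxel, ties together the Connection Request procedure (steps 1 to 4 above) and the SASL requirement in this list. A stand-in XMPP Server authenticates a managed device with SASL PLAIN (RFC 4616) credentials, keeps a session for it, and relays a Connection Request only when the 'from' address is one of the allowed Zyxel Device addresses and the 'to' address names a device with an open session; anything else is rejected and logged. The TLS stream is assumed to be already in place. The domain, JIDs, usernames, passwords and the `<message>` stanza shape are constructed sample values, not the product's actual format.

```python
"""Constructed model of the XMPP Connection Request relay (not Zyxel code)."""
import base64
import xml.etree.ElementTree as ET

# Constructed sample values, not taken from the guide.
XMPP_DOMAIN = "xmpp.example"
ALLOWED_FROM = {"cnm@xmpp.example"}            # allowed Zyxel Device (management) addresses
CREDENTIALS = {"zywall-01": "correct horse"}   # SASL username -> password of a managed device


def sasl_plain_initial_response(username, password):
    """Encode RFC 4616 PLAIN credentials: [authzid] NUL authcid NUL passwd, base64."""
    return base64.b64encode(f"\0{username}\0{password}".encode()).decode()


class XmppRelay:
    """Minimal XMPP Server stand-in: authenticates managed devices (steps 1-2),
    then relays Connection Requests only from allowed 'from' addresses (steps 3-4)."""

    def __init__(self, allowed_from, credentials, domain=XMPP_DOMAIN):
        self.allowed_from = set(allowed_from)
        self.credentials = dict(credentials)
        self.domain = domain
        self.inbox = {}    # bare JID of a connected device -> stanzas relayed to it
        self.audit = []    # rejected requests, for the operator's log

    def authenticate(self, initial_response):
        """SASL PLAIN: decode the blob and check username/password.
        Returns the device's bare JID on success, None on failure (no session opened)."""
        try:
            raw = base64.b64decode(initial_response, validate=True).decode()
            _authzid, authcid, passwd = raw.split("\0")
        except (ValueError, UnicodeDecodeError):
            return None
        if self.credentials.get(authcid) != passwd:
            return None
        jid = f"{authcid}@{self.domain}"
        self.inbox.setdefault(jid, [])   # the server can now push to this device
        return jid

    def relay(self, stanza_xml):
        """Forward a Connection Request only if 'from' is an allowed management
        address and 'to' is a device that currently holds a session."""
        try:
            stanza = ET.fromstring(stanza_xml)
        except ET.ParseError:
            return {"status": "rejected", "reason": "malformed stanza"}
        sender = stanza.get("from", "")
        target = stanza.get("to", "")
        if sender not in self.allowed_from:
            self.audit.append(f"rejected from={sender!r} to={target!r}")
            return {"status": "rejected", "reason": "from address not allowed"}
        if target not in self.inbox:
            return {"status": "rejected", "reason": "device not connected"}
        self.inbox[target].append(stanza_xml)
        return {"status": "forwarded", "to": target}


def demo():
    """Walk through the procedure with the constructed values above."""
    relay = XmppRelay(ALLOWED_FROM, CREDENTIALS)
    # Steps 1-2: the managed device authenticates over its (assumed) TLS stream.
    jid = relay.authenticate(sasl_plain_initial_response("zywall-01", "correct horse"))
    # Steps 3-4: a request from an allowed address is relayed to the device ...
    good = relay.relay(f'<message from="cnm@xmpp.example" to="{jid}">'
                       f'<body>connection-request</body></message>')
    # ... while one from an address outside the allowed set is dropped and logged.
    bad = relay.relay(f'<message from="unknown@other.example" to="{jid}">'
                      f'<body>connection-request</body></message>')
    return jid, good, bad


if __name__ == "__main__":
    print(demo())
```

The allowed-address check happens on the server before anything reaches the managed device, which is why the requirement that the server only deliver messages "from a defined set of allowed addresses" matters: a device that accepts Connection Requests from any XMPP sender would let anyone who can reach the server trigger management sessions.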