Chapter 44 System
ZyWALL USG Series User’s Guide
927
44.7.5 Service Control Rules
Click Add or Edit in the Service Control table in a WWW, SSH, Telnet, FTP or SNMP screen to add a service
control rule.
Figure 647 Configuration > System > Service Control Rule > Edit
# This is the index number of the service control rule.
The entry with a hyphen (-) instead of a number is the Zyxel Device’s (non-configurable)
default policy. The Zyxel Device applies this to traffic that does not match any other
configured rule. It is not an editable rule. To apply other behavior, configure a rule that
traffic will match so the Zyxel Device will not have to use the default policy.
Zone This is the zone on the Zyxel Device the user is allowed or denied to access.
Address This is the object name of the IP address(es) with which the computer is allowed or denied
to access.
Action This displays whether the computer with the IP address specified above can access the
Zyxel Device zone(s) configured in the Zone field (Accept) or not (Deny).
Authentication
Client Authentication
Method
Select a method the HTTPS or HTTP server uses to authenticate a client.
You must have configured the authentication methods in the Auth. method screen.
Other When HTTPS Domain Filter blocks a page, the connection is redirected to a local web
server to display the blocking message. HSTS (HTTP Strict Transport Security) may be
activated in some browsers as the browser cached certificate is different to the one
displayed by the local server. In this case, you cannot see a blocking warning message.
Accessing a web page may require multiple connections to different sites to get all the
information in the web page. When there is a connection to a HTTPS website that belongs
to a blocked category, it is filtered, but you don't receive a warning page with the option
to continue. For example, you want to block www.google.com and issue a Warn action.
When you connect to www.google.com another connection to pic.google.com is
created to get the pictures on the Google page. www.google.com can display a
warning page in your browser (and you can click ‘Continue’ to forward the connection)
but the connection to pic.google.com cannot display a ‘Continue’ dialog, so parts of the
Google page will appear blank and will not display the related picture content.
Enable Content Filter
HTTPS Domain Filter
Block/Warn Page
Use this field to have the Zyxel Device display a warning page instead of a blank page
when an HTPPS connection is redirected.
Block/Warn Page Port Use the default port number as displayed for the warning page. If you change it, the new
port number should be unique.
Apply Click Apply to save your changes back to the Zyxel Device.
Reset Click Reset to return the screen to its last-saved settings.
Table 374 Configuration > System > WWW > Service Control (continued)
LABEL DESCRIPTION
To Next Page
Loading...
