Chapter 37 System
ZyWALL ATP Series User’s Guide
37.7.5 Service Control Rules
Click Add or Edit in the Service Control table in a WWW, SSH, Telnet, FTP or SNMP screen to add a service control rule.
Table 311 Configuration > System > WWW > Service Control (continued)

LABEL
DESCRIPTION

Edit
Double-click an entry or select it and click Edit to be able to modify the entry’s settings.

Remove
To remove an entry, select it and click Remove. The Zyxel Device confirms you want to remove it before doing so. Note that subsequent entries move up by one when you take this action.

Move
To change an entry’s position in the numbered list, select the method and click Move to display a field to type a number for where you want to put it and press [ENTER] to move the rule to the number that you typed.

#
This is the index number of the service control rule. The entry with a hyphen (-) instead of a number is the Zyxel Device’s (non-configurable) default policy. The Zyxel Device applies this to traffic that does not match any other configured rule. It is not an editable rule. To apply other behavior, configure a rule that traffic will match so the Zyxel Device will not have to use the default policy.

Zone
This is the zone on the Zyxel Device that the user is allowed or denied access to.

Address
This is the object name of the IP address(es) with which the computer is allowed or denied access.

Action
This displays whether the computer with the IP address specified above can access the Zyxel Device zone(s) configured in the Zone field (Accept) or not (Deny).

Authentication

Client Authentication Method
Select a method the HTTPS or HTTP server uses to authenticate a client. You must have configured the authentication methods in the Auth. method screen.

Other
When HTTPS Domain Filter blocks a page, the connection is redirected to a local web server to display the blocking message. HSTS (HTTP Strict Transport Security) may be activated in some browsers because the certificate cached by the browser is different from the one displayed by the local server. In this case, you cannot see a blocking warning message.
Accessing a web page may require multiple connections to different sites to get all the information in the web page. When there is a connection to an HTTPS website that belongs to a blocked category, it is filtered, but you don't receive a warning page with the option to continue. For example, you want to block www.google.com and issue a Warn action. When you connect to www.google.com, another connection to pic.google.com is created to get the pictures on the Google page. www.google.com can display a warning page in your browser (and you can click ‘Continue’ to forward the connection), but the connection to pic.google.com cannot display a ‘Continue’ dialog, so parts of the Google page will appear blank and will not display the related picture content.

Enable Content Filter HTTPS Domain Filter Block/Warn Page
Use this field to have the Zyxel Device display a warning page instead of a blank page when an HTTPS connection is redirected.

Block/Warn Page Port
Use the default port number as displayed for the warning page. If you change it, the new port number should be unique.

Apply
Click Apply to save your changes back to the Zyxel Device.

Reset
Click Reset to return the screen to its last-saved settings.
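The following is an added example, not part of the Zyxel guide, that models the #, Zone, Address and Action fields of the Service Control table to show why rule position (Move) matters and when traffic falls through to the default policy entry (-). It assumes rules are checked in index order with the first match winning, that "ALL" acts as a wildcard for zone and address, and that the default policy denies; the rules and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample table (not from the guide). Each rule is
# (zone, address object resolved to a CIDR or "ALL", action).
RULES = [
    ("LAN1", "192.168.1.0/24", "Accept"),
    ("WAN", "ALL", "Deny"),
    ("WAN", "203.0.113.10/32", "Accept"),  # never reached: rule 2 covers it
]
# Assumption: the guide does not state the default policy's action.
DEFAULT_ACTION = "Deny"


def _net(addr):
    """Resolve an address object to a network; "ALL" (assumed wildcard) is 0.0.0.0/0."""
    return ipaddress.ip_network("0.0.0.0/0" if addr == "ALL" else addr)


def _zone_covers(rule_zone, zone):
    """True when rule_zone matches zone ("ALL" is an assumed wildcard)."""
    return rule_zone == "ALL" or rule_zone == zone


def evaluate(rules, zone, src_ip, default=DEFAULT_ACTION):
    """Return (index, action) of the first matching rule.

    Index "-" means no configured rule matched and the default policy applied.
    First-match, index-order evaluation is an assumption of this sketch.
    """
    ip = ipaddress.ip_address(src_ip)
    for i, (r_zone, r_addr, action) in enumerate(rules, start=1):
        if _zone_covers(r_zone, zone) and ip in _net(r_addr):
            return i, action
    return "-", default


def shadowed(rules):
    """Return [(later_index, earlier_index)] where an earlier rule fully covers a later one."""
    out = []
    for j, (zj, aj, _) in enumerate(rules, start=1):
        for i, (zi, ai, _) in enumerate(rules[: j - 1], start=1):
            if _zone_covers(zi, zj) and _net(aj).subnet_of(_net(ai)):
                out.append((j, i))
                break
    return out
```

Running `shadowed()` over an exported rule list before and after a Move shows whether a narrower Accept rule sits behind a broader Deny (or the reverse) and so never takes effect.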