Chapter 41 System
UAG5100 User’s Guide
407
41.7 WWW Overview
The following figure shows secure and insecure management of the UAG coming in from the WAN.
HTTPS and SSH access are secure. HTTP and Telnet access are not secure.
Note: To allow the UAG to be accessed from a specified computer using a service, make
sure you do not have a service control rule or to-Device firewall rule to block that
traffic.
for more on To-Device firewall rules.
To stop a service from accessing the UAG, clear Enable in the corresponding service screen.
41.7.1 Service Access Limitations
A service cannot be used to access the UAG when:
1
You have disabled that service in the corresponding screen.
2
The allowed IP address (address object) in the Service Control table does not match the client IP
address (the UAG disallows the session).
3
The IP address (address object) in the Service Control table is not in the allowed zone or the
action is set to Deny.
4
There is a firewall rule that blocks it.
41.7.2 System Timeout
There is a lease timeout for administrators. The UAG automatically logs you out if the management
session remains idle for longer than this timeout period. The management session does not time
out when a statistics screen is polling.
Each user is also forced to log in the UAG for authentication again when the reauthentication time
expires.
You can change the timeout settings in the User/Group screens.
Zone
Select ALL to allow or prevent DNS queries through any zones.
Select a predefined zone on which a DNS query to the UAG is allowed or denied.
Action
Select Accept to have the UAG allow the DNS queries from the specified computer.
Select Deny to have the UAG reject the DNS queries from the specified computer.
OK
Click OK to save your customized settings and exit this screen.
Cancel
Click Cancel to exit this screen without saving
Table 193
Configuration > System > DNS > Service Control Rule Add/Edit (continued)
LABEL
DESCRIPTION