ZyXEL Communications ZYWALL 5 - V4.04 User Manual, Page 173

ZyXEL Confidential
404XD3C0.docx
173/181
1. When “Local ID Content” is blank (the user has not typed anything there), the ID content sent during IKE negotiation will be “My IP Addr” (if it is not 0.0.0.0) or the local WAN IP.
2. When “Peer ID Content” is not blank, the ID of the incoming packet has to match our setting; otherwise the connection request will be rejected.
3. When “Secure Gateway IP Addr” is 0.0.0.0 and “Peer ID Content” is blank, the system can only check the ID type. This is a kind of “dynamic rule”, which means it accepts incoming requests from any IP whose ID type is IP. So if the user puts such a rule at the top of the rule list, it may be matched first. To avoid this problem, we will enhance it in the future.
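The three notes above can be modeled as a small first-match evaluator that also flags a dynamic rule placed above more specific rules. This is an added example, not ZyXEL firmware code: the `Rule` class, the function names, the top-down first-match evaluation and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
ANY_IP = "0.0.0.0"

@dataclass
class Rule:  # hypothetical model of one VPN rule, not firmware code
    name: str
    secure_gateway: str = ANY_IP   # "Secure Gateway IP Addr"
    peer_id_type: str = "IP"
    peer_id_content: str = ""      # "Peer ID Content"; blank = not checked
    local_id_content: str = ""     # "Local ID Content"
    my_ip: str = ANY_IP            # "My IP Addr"

    def local_id(self, wan_ip):
        # Note 1: blank Local ID Content falls back to My IP Addr, then WAN IP.
        if self.local_id_content:
            return self.local_id_content
        return self.my_ip if self.my_ip != ANY_IP else wan_ip

    def is_dynamic(self):
        # Note 3: any source IP is accepted and only the ID type is checked.
        return self.secure_gateway == ANY_IP and not self.peer_id_content

    def accepts(self, src_ip, id_type, id_content):
        if self.secure_gateway != ANY_IP and src_ip != self.secure_gateway:
            return False
        if id_type != self.peer_id_type:
            return False
        # Note 2: a non-blank Peer ID Content must match exactly.
        return not self.peer_id_content or id_content == self.peer_id_content

def first_match(rules, src_ip, id_type, id_content):
    # Assumption: rules are evaluated top-down and the first match wins.
    for rule in rules:
        if rule.accepts(src_ip, id_type, id_content):
            return rule.name
    return None  # no rule matched: the request is rejected

def shadowed_by_dynamic(rules):
    # Audit check: (dynamic, shadowed) pairs where a dynamic rule sits above
    # a later rule that expects the same ID type.
    pairs = []
    for i, rule in enumerate(rules):
        if rule.is_dynamic():
            pairs += [(rule.name, later.name) for later in rules[i + 1:]
                      if later.peer_id_type == rule.peer_id_type]
    return pairs

# Constructed sample rule list (documentation addresses, not from the manual).
RULES = [Rule("dynamic-any"),
         Rule("branch", secure_gateway="203.0.113.10", peer_id_content="203.0.113.10")]
```

With the dynamic rule on top, the branch peer's request lands on `dynamic-any`; moving the dynamic rule to the bottom of the list lets the specific rule match first.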
Appendix 6 Embedded HTTPS proxy server
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over
SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and
decrypts user page requests as well as the pages that are returned by the Web server.
HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under
its regular HTTP application layering.
The ZyWALL's embedded HTTPS proxy server is basically an SSL server which
performs SSL transactions, on behalf of the embedded HTTP server, with an SSL client
such as MSIE or Netscape. As depicted by the figure below, when receiving a secure
HTTPS request from an SSL-aware Web browser, the HTTPS proxy server converts it into
a non-secure HTTP request and sends it to the HTTP server. On the other hand, when
receiving a non-secure HTTP response from the HTTP server, the HTTPS proxy server
converts it into a secure HTTPS response and sends it to the SSL-aware Web browser.
By default, the HTTPS proxy server listens on port 443 instead of the HTTP default
port 80. If the ZyWALL's HTTPS proxy server port is changed to a different number, say
8443, then the URL for accessing the ZyWALL's Web user interface should be changed to
https://hostname:8443/ accordingly.
Appendix 7 Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is a subset of IEEE 802.11i. WPA improves
data encryption by using TKIP, MIC and IEEE 802.1X. Because WPA applies 802.1X to
authenticate WLAN users by using an external RADIUS server, you cannot use the
Local User Database for WPA authentication.
For home or small-office users who have no RADIUS server, WPA provides its
benefits through the simple “WPA-PSK”. A Pre-Shared Key (PSK) is manually
entered in the client and the ZyWALL for authentication. The ZyWALL checks the client's PSK
and allows it to join the network if its PSK matches. After the client passes authentication,
the ZyWALL derives and distributes a key to the client, and both of them use the TKIP
process to encrypt the data they exchange.