ZyWALL USG 50 User's Guide, Chapter 45 System (page 706)
2  When Authenticate Client Certificates is selected on the ZyWALL, the following screen asks you to select a personal certificate to send to the ZyWALL. This screen displays even if you only have a single certificate, as in the example.

Figure 410 SSL Client Authentication

3  You next see the Web Configurator login screen.

Figure 411 Secure Web Configurator Login Screen
45.7 SSH

You can use SSH (Secure SHell) to securely access the ZyWALL's command line interface. Specify which zones allow SSH access and from which IP address the access can come.
SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. In the following figure, computer A on the Internet uses SSH to securely connect to the WAN port of the ZyWALL for a management session.

Figure 412 SSH Communication Over the WAN Example

45.7.1 How SSH Works

The following figure is an example of how a secure connection is established between two remote hosts using SSH v1.

Figure 413 How SSH v1 Works Example
1  Host Identification

The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server.

The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer.
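The saved-key check described above is what OpenSSH-style clients implement with a known_hosts file: the first connection records the server's public key, and every later connection compares the presented key against that record. The Python below is an added example, not code from the ZyWALL guide or from any SSH client. It parses a constructed known_hosts file (plain host lists, the [host]:port form for non-default ports, and the hashed |1|salt|hash form) and classifies a presented key as MATCH, MISMATCH (the host is known but the key differs, the case an administrator should investigate) or UNKNOWN (first contact). The hostnames, addresses, keys and salt are constructed placeholders.

```python
import base64
import hashlib
import hmac


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Return the OpenSSH hashed-hostname form |1|salt|HMAC-SHA1(salt, hostname)."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())


# Constructed sample keys and salt (placeholders, not real ZyWALL host keys).
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
SALT = b"\x01" * 20  # fixed so the hashed entry below is reproducible

# Constructed known_hosts contents: two plain entries and one hashed entry.
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "zywall.example.test,192.0.2.1 ssh-rsa " + KEY_A,
    "[192.0.2.2]:2222 ssh-rsa " + KEY_B,
    hash_hostname("zywall-hashed.example.test", SALT) + " ssh-rsa " + KEY_A,
])


def parse_known_hosts(text):
    """Yield (host_field, key_type, key_base64) for each usable line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("@"):
            continue  # skip malformed lines and @cert-authority/@revoked markers
        entries.append((parts[0], parts[1], parts[2]))
    return entries


def host_field_matches(field, hostname, port=22):
    """True if the entry's host field names hostname (with [host]:port for non-22)."""
    target = hostname if port == 22 else "[{}]:{}".format(hostname, port)
    if field.startswith("|1|"):
        _, _, salt_b64, hash_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, target.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(hash_b64))
    return target in field.split(",")


def check_host_key(known_hosts, hostname, key_type, key_b64, port=22):
    """Classify the key a server presented: MATCH, MISMATCH or UNKNOWN.

    A known host presenting a different key (or key type) is a MISMATCH; this
    example deliberately does not auto-save it, the decision is left to the user.
    """
    saw_host = False
    for field, ktype, key in parse_known_hosts(known_hosts):
        if not host_field_matches(field, hostname, port):
            continue
        saw_host = True
        if ktype == key_type and hmac.compare_digest(key, key_b64):
            return "MATCH"
    return "MISMATCH" if saw_host else "UNKNOWN"


if __name__ == "__main__":
    print(check_host_key(KNOWN_HOSTS, "192.0.2.1", "ssh-rsa", KEY_A))  # MATCH
    print(check_host_key(KNOWN_HOSTS, "192.0.2.1", "ssh-rsa", KEY_B))  # MISMATCH
```

The MISMATCH outcome is the one worth alerting on: it is what the guide's "checked against the saved version" step is for, and a client that silently replaced the stored key would defeat the check.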
2  Encryption Method

Once the identification is verified, both the client and server must agree on the type of encryption method to use.

3  Authentication and Data Transmission

After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server.
45.7.2 SSH Implementation on the ZyWALL

Your ZyWALL supports SSH versions 1 and 2 using RSA authentication and four encryption methods (AES, 3DES, Arcfour, and Blowfish). The SSH server is implemented on the ZyWALL for management using port 22 (by default).
45.7.3 Requirements for Using SSH

You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the ZyWALL over SSH.
45.7.4 Configuring SSH

Click Configuration > System > SSH to change your ZyWALL's Secure Shell settings. Use this screen to specify from which zones SSH can be used to manage the ZyWALL. You can also specify from which IP addresses the access can come.
Note: It is recommended that you disable Telnet and FTP when you configure SSH for secure connections.

Figure 414 Configuration > System > SSH

The following table describes the labels in this screen.
Table 221 Configuration > System > SSH

LABEL: DESCRIPTION

Enable: Select the check box to allow or disallow the computer with the IP address that matches the IP address(es) in the Service Control table to access the ZyWALL CLI using this service.

Version 1: Select the check box to have the ZyWALL use both SSH version 1 and version 2 protocols. If you clear the check box, the ZyWALL uses only the SSH version 2 protocol.

Server Port: You may change the server port number for a service if needed; however, you must use the same port number in order to use that service for remote management.

Server Certificate: Select the certificate whose corresponding private key is to be used to identify the ZyWALL for SSH connections. You must have certificates already configured in the My Certificates screen (click My Certificates and see Chapter 41 on page 633 for details).

Service Control: This specifies from which computers you can access which ZyWALL zones.

Add: Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. Refer to Table 219 on page 695 for details on the screen that opens.

Edit: Double-click an entry or select it and click Edit to be able to modify the entry's settings.

Remove: To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. Note that subsequent entries move up by one when you take this action.
Table 221 Configuration > System > SSH (continued)

LABEL: DESCRIPTION

Move: To change an entry's position in the numbered list, select the entry and click Move to display a field to type a number for where you want to put it, then press [ENTER] to move the rule to the number that you typed.

#: This is the index number of the service control rule.

Zone: This is the zone on the ZyWALL the user is allowed or denied to access.

Address: This is the object name of the IP address(es) with which the computer is allowed or denied to access.

Action: This displays whether the computer with the IP address specified above can access the ZyWALL zone(s) configured in the Zone field (Accept) or not (Deny).

Apply: Click Apply to save your changes back to the ZyWALL.

Reset: Click Reset to return the screen to its last-saved settings.

45.7.5 Secure Telnet Using SSH Examples

This section shows two examples using a command interface and a graphical interface SSH client program to remotely access the ZyWALL. The configuration and connection steps are similar for most SSH client programs. Refer to your SSH client program user's guide.

45.7.5.1 Example 1: Microsoft Windows

This section describes how to access the ZyWALL using the Secure Shell Client program.

1  Launch the SSH client and specify the connection information (IP address, port number) for the ZyWALL.

2  Configure the SSH client to accept connections using SSH version 1.

3  A window displays prompting you to store the host key in your computer. Click Yes to continue.

Figure 415 SSH Example 1: Store Host Key
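The Service Control rows of Table 221 describe an ordered rule list (index number, Zone, Address object, Accept or Deny) that Add, Remove and Move reorder, and the note in section 45.7.4 recommends disabling Telnet and FTP once SSH is configured. The Python below is an added example, not ZyWALL code: it models that rule list, evaluates a management connection against it in rule order, shows how Move changes the outcome, and audits the screen's settings against the Version 1 and Telnet/FTP advice. The address object contents, the "ALL" zone and address names, the implicit Deny when no rule matches, and the settings field names are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    """One Service Control entry: zone, address object name, Accept or Deny."""
    zone: str
    address: str
    action: str


# Constructed address objects (name -> list of CIDRs). The guide only shows the
# object names; "ALL" standing for any source is an assumption of this example.
ADDRESS_OBJECTS = {
    "ALL": ["0.0.0.0/0"],
    "ADMIN_PC": ["192.0.2.10/32"],
    "MGMT_NET": ["10.0.0.0/24"],
}


class ServiceControl:
    """Ordered rule list with the Add / Remove / Move semantics of Table 221."""

    def __init__(self, rules=None):
        self.rules = list(rules or [])

    def add(self, rule, after=None):
        # Plain Add appends; "select an entry and click Add" inserts after it (1-based).
        if after is None:
            self.rules.append(rule)
        else:
            self.rules.insert(after, rule)

    def remove(self, index):
        # Later entries move up by one, as the Remove row describes.
        del self.rules[index - 1]

    def move(self, index, new_index):
        # Take the rule out and re-insert it at the typed position (both 1-based).
        rule = self.rules.pop(index - 1)
        self.rules.insert(new_index - 1, rule)

    def numbered(self):
        # The "#" column: rules are renumbered after every change.
        return [(i + 1, r) for i, r in enumerate(self.rules)]

    def evaluate(self, zone, source_ip):
        """Return (action, rule_number) for a management connection.

        The first matching rule wins, so order matters. With no match this
        example assumes Deny; the guide does not state the default.
        """
        ip = ipaddress.ip_address(source_ip)
        for number, rule in self.numbered():
            if rule.zone not in (zone, "ALL"):
                continue
            nets = ADDRESS_OBJECTS.get(rule.address, [])
            if any(ip in ipaddress.ip_network(n) for n in nets):
                return rule.action, number
        return "Deny", None


def audit_ssh_screen(settings, control):
    """Findings for the SSH screen plus the guide's note on Telnet and FTP.

    The `settings` keys are assumed names for this example, not ZyWALL identifiers.
    """
    findings = []
    if settings.get("version1"):
        findings.append("Version 1 is selected; clear it so only SSH version 2 is used")
    for proto in ("telnet", "ftp"):
        if settings.get(proto + "_enabled"):
            findings.append(proto.upper() + " is still enabled alongside SSH")
    for number, rule in control.numbered():
        if rule.zone == "WAN" and rule.address == "ALL" and rule.action == "Accept":
            findings.append("rule %d accepts SSH from any WAN address" % number)
    return findings


if __name__ == "__main__":
    sc = ServiceControl([
        Rule("WAN", "ADMIN_PC", "Accept"),
        Rule("WAN", "ALL", "Deny"),
        Rule("LAN1", "ALL", "Accept"),
    ])
    print(sc.evaluate("WAN", "192.0.2.10"))   # ('Accept', 1)
    sc.move(2, 1)                             # the Deny-all rule now shadows the admin rule
    print(sc.evaluate("WAN", "192.0.2.10"))   # ('Deny', 1)
```

The Move step is the point to take away: because evaluation is first-match, moving a broad Deny or Accept rule above a narrow one changes who can reach the CLI, so check the resulting order with the "#" column before clicking Apply.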