User manual

Firewall

131

Upload SSL certificates

If you have purchased or created SSL certificates for a web server, you can upload them

to the SG unit under Upload SSL certificates tab.

Click Browse to locate the Local Certificate (RSA x509 certificate) and its

corresponding Private Key Certificate

Create SSL certificates

To create a self-signed certificate on the SG unit, click the Create SSL certificates tab.

Warning

When accessing the web management console using HTTPS, your web browser may

give warnings/errors about the authenticity/validity of the certificate. This is because it

has not been signed by a known Certificate Authority, it is self-signed.

Select the appropriate Country and certificate key length from the Generate an RSA key

of pull down menu. All other fields but Host name (Common Name) are optional; they

are used to create the certificate’s distinguished name.

Generating a certificate usually takes a few minutes, exact time depends on the model of

SG unit, and the key length. When the certificate has been created, A valid SSL

certificate has been installed is displayed under the Web Server tab.

Customizing the Firewall

The majority of firewall customization is typically accomplished by creating Packet Filter

and network address translation (NAT) rules.

Packet filter rules match network packets based on a combination of incoming and

outgoing interface, source and destination address and destination port and protocol.

Once a packet is matched, it can be allowed or disallowed.

NAT rules match packets in a similar manner. However, instead of simply allowing or

disallowing traffic, you may alter the source or destination address and/or port of the

packet as it passes through the firewall.