HTTP/HTTPS

Introduction

The device provides a built-in Web server. You can use a Web browser to log in to the device through HTTP or HTTPS.

• HTTP login

  The device supports HTTP 1.0 and HTTP 1.1.

• HTTPS login

  HTTPS uses SSL to ensure the integrity and security of data exchanged between the client and the server, and is more secure than HTTP.

  To allow HTTPS login, you must enable the HTTPS service. By default, the device uses a self-signed certificate (a certificate that is generated and signed by the device itself) and the default SSL settings.

  For better integrity and security of data exchanged between the client and the server, you can associate an SSL server policy with HTTPS to define the SSL settings.

  The device supports the following HTTPS login types:

  • Username—A user must provide a username and password at login.

  • Certificate—A user must provide a digital certificate at login.

  • Username and certificate—A user must provide a username and password together with a digital certificate at login.

  USB key login is a certificate-based HTTPS login method. If a user clicks Log in using a USB key on the login page, the user needs to select a digital certificate in the USB key as prompted to log in.

The device can use ACLs to prevent unauthorized HTTP and HTTPS access. If the used ACLs exist and have rules, only users permitted by the ACLs can access the device through HTTP or HTTPS.

vSystem support information

Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.

Restrictions and guidelines

• To use the username login method, do not enable SSL client authentication in the SSL server policy. To use other login methods, you must configure an SSL server policy and enable SSL client authentication.

• If you specify both an ACL number and an ACL name when creating an ACL at the CLI, only the ACL number appears in the list.

Configure HTTP/HTTPS

Configure HTTP login

1. Click the Network tab.

2. Select Services > HTTP/HTTPS.

3. Configure HTTP login parameters.

   Figure-1 Configuring HTTP login parameters

   

   Table-1 HTTP login configuration items

   Item	Description
   HTTP login	HTTP login is enabled by default and cannot be disabled on the Web interface.
   HTTP service port	Specify the HTTP service port number.
   Login control ACL type	Specify the login control ACL type. Options include: IPv4/IPv6. Layer 2 ACL.
   IPv4 ACL	Specify an IPv4 ACL. You can select a created IPv4 ACL or create an IPv4 ACL. This field is available only when you specify the login control ACL type as IPv4/IPv6.
   IPv6 ACL	Specify an IPv6 ACL. You can select a created IPv6 ACL or create an IPv6 ACL. This field is available only when you specify the login control ACL type as IPv4/IPv6.
   Layer 2 ACL	Specify a Layer 2 ACL. You can select a created Layer 2 ACL or create a Layer 2 ACL. This field is available only when you specify the login control ACL type as Layer 2 ACL.

4. Click Apply.

Configure HTTPS login

HTTPS login is the secure version of HTTP login, used for secure communication over networks. By configuring HTTPS login, users can enable SSL server-side policies to encrypt data exchanged between clients and the device, enhancing security.

1. Click the Network tab.

2. Select Services > HTTP/HTTPS.

3. Configure HTTPS login parameters.

   Figure-2 Configuring HTTPS login parameters

   

   Table-2 HTTPS login configuration items

   Item	Description
   HTTPS login	HTTPS login is enabled by default and cannot be disabled on the CLI.
   HTTPS service port	Specify the HTTPS service port number.
   Login control ACL type	Specify the login control ACL type. Options include: IPv4/IPv6. Layer 2 ACL.
   IPv4 ACL	Specify an IPv4 ACL. You can select a created IPv4 ACL or create an IPv4 ACL. This field is available only when you specify the login control ACL type as IPv4/IPv6.
   IPv6 ACL	Specify an IPv6 ACL. You can select a created IPv6 ACL or create an IPv6 ACL. This field is available only when you specify the login control ACL type as IPv4/IPv6.
   Layer 2 ACL	Specify a Layer 2 ACL. You can select a created Layer 2 ACL or create a Layer 2 ACL. This field is available only when you specify the login control ACL type as Layer 2 ACL.
   SSL server policy	Associate a created SSL server policy to the HTTPS service. To configure an SSL server policy, go to the Objects > SSL > SSL Server Policies page.
   Login authentication method	Specify the login authentication method. Options include: Username. Certificate. Username and certificate.
   Certificate field	Specify the certificate field to be used as the username for certificate-based authentication. Options include: cn—Use the CN field in the certificate as the username. email-prefix—Use the string before the @ sign in the emailAddress field of the certificate as the username. oid—Uses the field corresponding to an OID as the username.
   OID value	Specify the OID value. This field is available only when you select oid for the Certificate field field.

4. Click Apply.

Configure HTTP/HTTPS connection idle timeout

The HTTP/HTTPS connection idle timeout indciates the time that a user connection remains idle before the user is logged out. This behavior can protect user account security.

1. Click the Network tab.

2. Select Services > HTTP/HTTPS.

3. Configure HTTP/HTTPS connection idle timeout.

4. Click Apply.

   Figure-3 Configuring connection idle timeout