What is Hypertext Transfer Protocol Secure


An HTTP protocol that runs on top of Transport Layer Security (TLS) and Secure Sockets Layer (SSL). It is used to establish a reliable channel for encrypted communication and secure identification of a network web server. For details about HTTPS, see RFC2818.

Other related questions:
Which Protocols Does a Security Group Support?

The protocol used by a security group can be set to TCP, UDP, ICMP, or ANY. ANY indicates that the security group takes effect for all protocols. If the TCP or UDP protocol is selected, configure ports 1 to 65535 for the protocols to access the security group. If the ICMP protocol is selected, you can set the ICMP protocol type. The default value is ANY.

What Is a Security Group?

A security group implements access control for ECSs within a security group and between different security groups. After a security group is created, you can create different access rules for the security group to protect the ECSs that are added to this security group.

Definition of the security level of a security zone on the firewall
In a VPN instance, each security zone has a globally unique security priority. That is, two security zones with the same security priority do not exist in a VPN instance. The security level ranges from 1 to 100. A larger value indicates a higher security level. By default, the device has four security zones, and their security levels are as follows: 1. The Untrust zone is a security zone with a low security level, namely, 5. It is usually used to define insecure networks, such as the Internet. 2. The DMZ is a security zone with a medium security level, namely, 50. It is usually used to define the zone where the intranet server resides. Devices of this type are deployed on the intranet but frequently accessed from the extranet, causing large security risks. In addition, they are not allowed to proactively access the extranet. Therefore, they are deployed in a zone whose security level is lower than Trust but higher than Untrust. 3. The Trust zone is a security zone with a relatively high security level, namely, 85. It is usually used to define the zone where the intranet device users reside. 4. The Local zone is the security zone of the highest security level, namely, 100. A local zone is a device itself, including interfaces on the device. All packets constructed on and proactively sent from the device are regarded as from the Local area; those to be responded and processed by the device (including the packets to be detected or directly forwarded) are regarded as to the Local zone. Users cannot change Local zone configurations, for example, adding interfaces to the Local zone. You cannot delete a default security zone or reset its security level. You can also create security zones and define their security levels as required.

USG firewall security association
USG firewall security association What is security association (SA)? The IPSec SA is a unidirectional logical connection created for security purposes. The SA is bidirectional and requires an IPSec SA in each direction. The number of SAs depends on the security protocol. If either the AH or ESP is used to protect traffic between peers, two SAs, one in each direction, exist between the peers. If both the AH and the ESP are used, four SAs, two in each direction corresponding to the AH and the ESP, exist between the peers. Therefore, an IPSec SA is not equivalent to a connection. The IPSec SA is uniquely identified by a triplet. The triplet includes the following elements: Security Parameter Index (SPI) The SPI is a 32-bit value that is generated to uniquely identify an SA. The SPI is carried in the AH and ESP headers. The SPI, destination IP address, and security protocol number uniquely identify an IPSec SA. Destination IP address Security protocol number (AH or ESP) Creation mode The IPSec SA is classified into two types: SA that is manually created and SA that is created by means of IKE automatic negotiation (isakmp). Major differences between two types of SAs are as follows: Different key generation modes In manual mode, all parameters required by the IPSec SA, including encryption and verification keys, are manually configured or manually updated. In IKE mode, encryption and verification keys required by the IPSec SA are generated by the DH algorithm and can be dynamically updated. The key management cost is low and the security is high. Different IPSec SA lifetime In manual mode, once an IPSec SA is created, it permanently exists. In IKE mode, the IPSec SA establishment is triggered by the data flow, and the SA lifetime is controlled by lifetime parameters configured on both ends.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top