Manual

ManualsBrandsRed Lion ManualsHardwareIndustrialPr 6000 Router

101

102

103

104

105

106

107

108

109

110

Table Of Contents

Software User Guide 106

Services Tab

EnableSSL:SelectYestoconfigureSSLclient/server.SelectNoandclicktheApplybuttontodisableSSL.

SelectActivityLogLevel:Thiscontrolsthelog ginglevelforSSLConnectionactivity.Therecommendedsettingfora

productionenvironmentisSummary.TherecommendedsettingforatestenvironmentisFull.

Waitfor

Connection(sec.):Time(inseconds)allowedaftersendingSYNpackets,towaitforSYN‐ACK.Therecom‐

mendedsettingforthisfieldis20seconds.

IdleTimeout(min.):Time(inminutes)allowedfornotrafficoveranSSLconnection,beforeclosingdownthelink.The

recommendedsettingis720minutes.

Select

Certificate:Aservercertificatemustbeprovided.Thiswillbeusedtoencryptcommunicationwithallclients.

ThecertificatesmustbeinPEMformat,withanunencryptedkey(notpasswordprotectedwhengenerated).Self

signedcertificatesarehighlyrecommended.UseAdmin‐>CertificateManagertoinstall/updatecerts.

EnableAdvancedSetup:SelectYes

tomodifyadvancedSSLoptions.

BindInterfaceforacceptingSSLConnections:Thiswillrestricttheencryptedlisteningsockettoallowconnections

comingintothespecifiedinterfaceonly.TherecommendedsettingforthisfieldisAny.

BindInterfaceforoutgoingTCPConnections:Thiswillrestricttheunencryptedsockettoinitiateconnectionsout

the

specifiedinterfaceonly.Specifyinganinterfaceheremayconflictwithpolicyrouting,howeveritmayberequiredina

GRE/VPNorothertunneledenvironment.Pleaseconsultwithanetworkarchitectforadditionalassistance.Therec‐

ommendedsettingforthisfieldisAny.

Ciphers:Thisfieldisalistofopenssl

cipherssupported.Pleaseconsultsupportstaffbeforeattemptingtochange.Ref‐

erenceGoogle:”opensslcipherlist”formoreinformation.Therecommendedsettingsforthisfieldare:RC4‐MD5:RC4‐

SHA:SSLv3.

SelectKeep‐Alivebehavior:ThisoptionenablesTCPKeep‐alivesontheunderlyingsockets.Thefollowingoptionsare

supported:

SelectKeep‐Alive

behavior:ThisoptionenablesTCPKeep‐alivesontheunderlyingsockets.Thefollowingoptionsare

supported:

•None:Keep‐alivesnotused.

• All:Keep‐alivesenabledforallsockets.

• Accept:Keep‐alivesenabledforlisteningserversocketside connectionsonly.Thisappliestothecleartextser verforCli‐

entmodesockets,ortheSSLEncryptedserverforServermodesockets.

•Remote:Keep‐alivesenabledforclientinitiatedsockets.

•Local:

Keep‐alivesenabledforClientconnectionsboundtoalocalIPaddress.

YoumayneedtoadjustthemasterKeep‐alivetimer viaNetwork‐>TCPGlobalSettings‐>TCPKeepAlives.

Note:EnablingTCPkeep‐alivesmaydramaticallyincreasethetotalamountoftrafficfortheaffectedsocket(s)depend‐

ingonthemasterinterval,probeandtimeoutsettings,whichshouldbeconsideredforconnections

usingawireless

(cellular)connectionwithrespecttototaldatausageforthesubscriptedplan.

SSLServerTableProperties: