beautypg.com

The tls alg, Section 6.2.10, “the tls alg – Amer Networks E5Web GUI User Manual

Page 439

background image

Destination Network: hq-net

Comment: Allow the Gateway to communicate with the Gatekeeper connected to the
Head Office

3.

Click OK

Note: Outgoing calls do not need a specific rule

There is no need to specify a specific rule for outgoing calls. cOS Core monitors the
communication between "external" phones and the Gatekeeper to make sure that it is
possible for internal phones to call the external phones that are registered with the
gatekeeper.

6.2.10. The TLS ALG

Overview

Transport Layer Security (TLS) is a protocol that provides secure communications over the public
Internet between two end points through the use of cryptography as well as providing endpoint
authentication.

Typically in a TLS client/server scenario, only the identity of the server is authenticated before
encrypted communication begins. TLS is very often encountered when a web browser connects
with a server that uses TLS such as when a customer accesses online banking facilities. This is
sometimes referred to as an HTTPS connection and is often indicated by a padlock icon
appearing in the browser's navigation bar.

TLS can provide a convenient and simple solution for secure access by clients to servers and
avoids many of the complexities of other types of VPN solutions such as using IPsec. Most web
browsers support TLS and users can therefore easily have secure server access without requiring
additional software.

The Relationship with SSL

TLS is a successor to the Secure Sockets Layer (SSL) but the differences are slight. Therefore, for
most purposes, TLS and SSL can be regarded as equivalent. In the context of the TLS ALG, we can
say that the Clavister Security Gateway is providing SSL termination since it is acting as an SSL
end-point.

Supported Standards

With SSL and TLS, cOS Core provides termination support for SSL 3.0 as well as TLS 1.0, with RFC
2246 defining the TLS 1.0 support (and cOS Core supporting the server side part of RFC 2246).

Both cOS Core TLS ALG and SSL VPN also support renegotiation as defined by RFC 5746.

TLS is Certificate Based

TLS security is based on the use of digital certificates which are present on the server side and

Chapter 6: Security Mechanisms

439

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: