From cb0d31884a78a7445aeed3ebd70a39cea92ee5eb Mon Sep 17 00:00:00 2001 From: zhengchao Date: Wed, 14 Apr 2021 18:56:23 +0800 Subject: Fix some wording and improve the document's generality. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- content/Appendix_Log_Fields_Description.tex | 16 ++++++++-------- content/Appendix_TSG_Packet_Flow.tex | 7 +++++-- content/Getting_Started.tex | 2 +- content/Policies.tex | 15 ++++++++------- 4 files changed, 22 insertions(+), 18 deletions(-) diff --git a/content/Appendix_Log_Fields_Description.tex b/content/Appendix_Log_Fields_Description.tex index 6409220..635c704 100644 --- a/content/Appendix_Log_Fields_Description.tex +++ b/content/Appendix_Log_Fields_Description.tex @@ -60,11 +60,11 @@ it will display columns that the user has previously configured. The fields with Ingress—External to Internal \\\hline - \textbf{Sled IP} & IP of sled which the session was logged \\\hline - Client Location & Location the session client IP from.\\\hline - Client ASN & BGP Autonomous system number the session client IP from\\\hline - \textbf{Server Location} & Location the session server IP from\\\hline - Server ASN & BGP Autonomous system number the session server IP from\\\hline + \textbf{Sled IP} & IP of sled which the session was processed \\\hline + Client Location & Geographic location the client IP\\\hline + Client ASN & BGP Autonomous system number the client IP\\\hline + \textbf{Server Location} & Geographic location the server IP\\\hline + Server ASN & BGP Autonomous system number the server IP\\\hline Sessions & Number of sessions with same client IP, server IP, Application, seen within 5 seconds\\\hline Packets Sent & Number of client-to-server packets for the session\\\hline Packets Received & Number of server-to-client packets for the session\\\hline 
@@ -230,13 +230,13 @@ it will display columns that the user has previously configured. The fields with SSL.Intercept State & Intercept State of current SSL session, possible values are: - 0-passthrough, + 0-passthrough: not decrypted - 1-intercept + 1-intercept: decrypted - 2-shutdown \\\hline + 2-shutdown: connection due to exception\\\hline \tabincell{l}{SSL.Server Side\\ Latency(ms)} & Server side establish latency of current SSL session \\\hline \tabincell{l}{SSL.Client Side\\ Latency(ms)} & Client side establish latency of current SSL session \\\hline SSL.Server Side Version & Server-side SSL version latency of current session, possible values are: diff --git a/content/Appendix_TSG_Packet_Flow.tex b/content/Appendix_TSG_Packet_Flow.tex index dc79c36..14526e8 100644 --- a/content/Appendix_TSG_Packet_Flow.tex +++ b/content/Appendix_TSG_Packet_Flow.tex 
@@ -187,14 +187,17 @@ The proxy fixes this problem by following two mechanisms: \addcontentsline{toc}{subsubsection}{TCP Stack} \label{sec:appendix_e:sequence:proxy:TCP} -Opening a TCP connection involves a three-way handshake involving packets: the client contacts the server, the server acknowledges the client, and the client acknowledges the server. The proxy’s TCP stack attempts to connect server-side immediately after receiving the client's initial connection request, but waits to return the server acknowledgement until determining whether or not the server-side connection succeeds. This provides greater transparency, as the client receives either an RST or no response, which mirrors what is sent from a server when connections fail. +Opening a TCP connection involves a three-way handshake packets: the client contacts the server, the server acknowledges the client, and the client acknowledges the server. +The proxy’s TCP stack attempts to connect server-side immediately after receiving the client’s initial connection request, but waits to return the server acknowledgement until determining whether or not the server-side connection succeeds. +The TCP stack act as transparent proxy and keep the same TCP connection source and destination IP and ports. +This provides greater transparency, as the client receives either an RST or no response, which mirrors what is sent from a server when connections fail. %\pdfbookmark[3]{Build SSL Session}{Build SSL Session} \subsubsection*{\hypertarget{link:Build SSL Session}{Build SSL Session}} \addcontentsline{toc}{subsubsection}{Build SSL Session} \label{sec:appendix_e:sequence:proxy:build} -The proxy first builds server-side SSL session, if the server certificate verification is failed, the proxy will sign certificate with untrusted root. That’s because the proxy wants the untrust certificate to warn users that they are trying to access potentially unsafe sites. 
+The proxy first builds server-side SSL session, if the server certificate verification is failed, the proxy will sign certificate with untrusted root certificate. That’s because the proxy wants the untrusted certificate to warn users that they are trying to access potentially unsafe sites. %\pdfbookmark[3]{Proxy Policy Lookup}{Proxy Policy Lookup} \subsubsection*{\hypertarget{link:Proxy Policy Lookup}{Proxy Policy Lookup}} diff --git a/content/Getting_Started.tex b/content/Getting_Started.tex index 11c7161..d1ea6f9 100644 --- a/content/Getting_Started.tex +++ b/content/Getting_Started.tex @@ -324,7 +324,7 @@ Perform the following steps to add a LOCAL administrative account on TSG.\\ \item[STEP 5.] If you enable \textbf{Required Password Change}, fill in the \textbf{Required Password Change Period}. A message will show up when you login after the period expires to enforce you to change to a new password. \item[STEP 6.] Verify that the account is \textbf{Enabled}. - \item[STEP 7.] Select \textbf{Role Management} from dropdown list. Each account must and can only have one role, which defines different user permissions. + \item[STEP 7.] Select \textbf{Role} from dropdown list. Each account must and can only have one role, which defines different user permissions. For details, see \hyperlink{link:Roles and Permissions}{\textcolor{linkblue}{Roles and Permissions}}. \item[STEP 8.] Click \textbf{OK}. \item[STEP 9.] (\textcolor{gold}{Optional})To verify that you have add a TSG account effectively, you can \textbf{Sign Out} and log into the system with the new account. diff --git a/content/Policies.tex b/content/Policies.tex index 0f7c171..e119871 100644 --- a/content/Policies.tex +++ b/content/Policies.tex 
@@ -46,7 +46,7 @@ The policy ID allows you to track the rule across rules even after you disable t \notemark\textit{Note that activation of policy rules on all devices is no more than 1 minute. -For details about capacities of policies and URLs/URIs, and other system parameters, see \textcolor{darkblue}{\textbf{\underline{ADC-L404 Datasheet}}}.} +For details about capacities of policies and URLs/URIs, and other system parameters, see product datasheet.} %\pdfbookmark[2]{Rule Types}{Rule Types} \subsection*{\hypertarget{link:Rule Types}{Rule Types}} @@ -60,7 +60,7 @@ TSG supports a variety of policy types that work together to safely enable appli \rowcolor{black}\multicolumn{1}{l!{\color{white}\vrule width 0.5pt}}{\textcolor{white}{Policy Type}} & \textcolor{white}{Description} \\\hline Security & Determine whether to allow, deny, monitor or intercept a session based on traffic attributes such as the IP addresses, subscriber ID, APP ID and protocol fields. For more details, see \hyperlink{link:Security Policy}{\color{linkblue}{Security Policy}}.\\\hline - \begin{tabular}{l}\tabincell{l}{Proxy\\ Manipulation}\end{tabular} & Instruct the proxy how to manipulate (including allow, deny, monitor, redirect, replace, hijack and insert), + \begin{tabular}{l}\tabincell{l}{Proxy}\end{tabular} & Instruct the proxy how to manipulate (including allow, deny, monitor, redirect, replace, hijack and insert), a session based on traffic attributes such as the source and destination IP address, the subscriber ID, and filter, including host, URL, request header, response header, request content and response content. Encrypted traffic Identified will be decrypted for further control. Manipulation requires targeted sessions are intercepted in security policies. For more details, see \hyperlink{link:Proxy Policy}{\color{linkblue}{Proxy Policy}}.\\\hline 
@@ -248,12 +248,13 @@ For traffic that matches the attributes defined in a security policy, you can ap Redirect.\\ Sub Action of Deny:\\ \textbf{Drop}, silently drops the traffic.\\ - \textbf{RST}, sends a TCP reset to the client-side device.\\ - \textbf{Block}, sends 403/404 return code and customized content to \\ + \textbf{RST}, session was terminated and a TCP reset is sent to both \\ + the sides of the connection.\\ + \textbf{Block}, sends HTTP 403/404 response code and customized content to \\ the client.\\ - \textbf{Alert}, sends 200/204 return code and customized content to the \\ - client.\\ - \textbf{Redirect}, redirects to the link set in the policy configuration. + \textbf{Alert}, sends HTTP 200/204 response code and customized content to \\ + the client.\\ + \textbf{Redirect}, redirects to the URL set in the policy configuration. \end{tabular}\\ \hline Intercept & Intercept HTTP/HTTPS traffic for proxy. If the traffic use SSL/TLS, it will be decrypted.\\\hline Monitor & Scan all allowed traffic and generate a detailed log.\\\hline -- cgit v1.2.3
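Review bot: In content/Appendix_Log_Fields_Description.tex (hunk at -60,11), the four new Location and ASN descriptions have lost their preposition: "Geographic location the client IP" and "BGP Autonomous system number the client IP" should read "Geographic location of the client IP" and "BGP autonomous system number of the client IP", and likewise for the two server rows. The Sled IP row has the same problem ("IP of sled which the session was processed"); "IP of the sled on which the session was processed" reads correctly.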
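Review bot: In the SSL.Intercept State row (hunk at -230,13), "2-shutdown: connection due to exception" has no verb, so someone reading the log cannot tell what happened to the session. State the outcome explicitly, in the same style as "0-passthrough: not decrypted" and "1-intercept: decrypted". While this table is being touched, the unchanged context line "Server-side SSL version latency of current session" just below looks like a copy-paste slip from the latency rows and could be corrected in the same pass.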
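Review bot: In the TCP Stack paragraph of content/Appendix_TSG_Packet_Flow.tex (hunk at -187,14), the inserted sentence changes what "This provides greater transparency" refers to: it used to follow the sentence about delaying the server acknowledgement, which is what the "RST or no response" explanation depends on, and now follows the sentence about preserving source and destination IP and ports. Move the new sentence after the transparency sentence, or before the delayed-acknowledgement one. The same sentence also needs agreement ("The TCP stack acts as a transparent proxy and keeps ..."), removing "involving" leaves "a three-way handshake packets", and in Build SSL Session the comma splice could become "If server certificate verification fails, the proxy signs the certificate with an untrusted root certificate."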
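Review bot: In STEP 7 of content/Getting_Started.tex (hunk at -324,7), the line being edited still reads "Each account must and can only have one role"; "Each account must have exactly one role" is clearer, and "from dropdown list" needs an article ("from the dropdown list"). The unchanged STEP 9 context line has "you have add a TSG account", which could be fixed in the same commit since its stated purpose is wording.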
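Review bot: In the note in content/Policies.tex (hunk at -46,7), replacing the named, formatted datasheet reference with "see product datasheet" drops the article and leaves the reader with no indication of which document holds the capacity limits. Suggest "see the product datasheet", and keep some visual or link cue so the reference is still recognisable as a pointer to another document.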
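Review bot: In the Rule Types table of content/Policies.tex (hunk at -60,7), the cell is now "\begin{tabular}{l}\tabincell{l}{Proxy}\end{tabular}", but the nested tabular and \tabincell wrappers only existed to break "Proxy\\ Manipulation" across two lines. With a single word they are dead markup; write the cell as plain "Proxy" so it matches the "Security" row above it.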
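Review bot: In the Deny sub-action list of content/Policies.tex (hunk at -248,12), the RST entry changes the documented behaviour, not just the wording: the old text said a TCP reset goes to the client-side device, the new text says it goes to both sides of the connection. The commit subject only mentions wording, so confirm this matches the product and say so in the commit message, since operators rely on this description to predict what the server sees. The entry also mixes tenses ("session was terminated and a TCP reset is sent") where the neighbouring entries use the present ("silently drops", "sends"), and "both \\ the sides" should be "both sides"; something like "terminates the session and sends a TCP reset to both sides of the connection" would be consistent.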