|
•
|
apply Endpoint Security (EPS) checking to require users’ computers to comply with defined corporate policies before they can access the SSL VPN tunnel.
|
|
•
|
|
Object screen
|
||
|
User Account/ User Group
|
||
|
Endpoint Security
|
Endpoint Security
|
Endpoint Security (EPS) checking makes sure users’ computers comply with defined corporate policies before they can access the SSL VPN tunnel.
|
|
SSL Application
|
Configure an SSL application object to specify the type of application and the address of the local computer, server, or web site SSL users are to be able to access.
|
|
|
Configure an address object that defines a range of private IP addresses to assign to user computers so they can access the internal network through a VPN connection.
|
||
|
Server Addresses
|
Configure address objects for the IP addresses of the DNS and WINS servers that the ZyWALL sends to the VPN connection users.
|
|
|
Configure an address object to specify which network segment users are allowed to access through a VPN connection.
|
|
•
|
See SSL VPN Example for an SSL VPN example.
|
|
•
|
See Endpoint Security for details on endpoint security objects.
|
|
•
|
See SSL Application for details on SSL application objects.
|
|
Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry.
|
|
|
Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
|
|
|
To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
|
|
|
To turn on an entry, select it and click Activate.
|
|
|
To turn off an entry, select it and click Inactivate.
|
|
|
To move an entry to a different number in the list, click the Move icon. In the field that appears, specify the number to which you want to move the interface.
|
|
|
Object References
|
Select an entry and click Object References to open a screen that shows which settings use the entry.
|
|
Access Policy Summary
|
|
|
Click Apply to save the settings.
|
|
|
Click Reset to discard all changes.
|
|
Create new Object
|
|||
|
Enter a descriptive name to identify this policy. You can enter up to 31 characters (“a-z”, A-Z”, “0-9”) with no spaces allowed.
|
|||
|
Select the zone to which to add this SSL access policy. You use zones to apply security settings such as firewall and remote management.
|
|||
|
Enter additional information about this SSL access policy. You can enter up to 60 characters ("0-9", "a-z", "A-Z", "-" and "_").
|
|||
|
Clean browser cache when user logs out
|
Select this to clean the cookie, history, and temporary Internet files in the user’s browser’s cache when the user logs out. The ZyWALL returns them to the values present before the user logged in.
|
||
|
The Selectable User/Group Objects list displays the name(s) of the user account and/or user group(s) to which you have not applied an SSL access policy yet.
To associate a user or user group to this SSL access policy, select a user account or user group and click >> to add to the Selected User/Group Objects list. You can select more than one name.
To remove a user or user group, select the name(s) in the Selected User/Group Objects list and click <<.
|
|||
|
Endpoint Security (EPS)
|
Use these fields to make sure users’ computers meet an endpoint security object’s Operating System (OS) and security requirements before granting access.
|
||
|
Enable EPS Checking
|
Select this to have the ZyWALL check that users’ computers meet the Operating System (OS) and security requirements of one of the SSL access policy’s selected endpoint security objects before granting access.
|
||
|
Periodical checking time
|
Select this and specify a number of minutes to have the ZyWALL repeat the endpoint security check at a regular interval.
|
||
|
Available EPS Objects / Selected EPS Objects
|
Configured endpoint security objects appear on the left. Select the endpoint security objects to use for this SSL access policy and click the right arrow button to add them to the selected list on the right. Use the [Shift] and/or [Ctrl] key to select multiple objects. Select any endpoint security objects that you want to remove from the selected list and click the left arrow button to remove them.
The ZyWALL checks authenticated users’ computers against the SSL access policy’s selected endpoint security objects in the order you list them here. When a user’s computer matches an endpoint security object the ZyWALL grants access and stops checking. Select an endpoint security object and use the up and down arrows to change it’s position in the list. To make the endpoint security check as efficient as possible, arrange the endpoint security objects in order with the one that the most users should match first and the one that the least users should match last.
|
||
|
SSL Application List (Optional)
|
The Selectable Application Objects list displays the name(s) of the SSL application(s) you can select for this SSL access policy.
To associate an SSL application to this SSL access policy, select a name and click >> to add to the Selected Application Objects list. You can select more than one application.
To remove an SSL application, select the name(s) in the Selected Application Objects list and click <<.
|
||
|
Enable Network Extension
|
Select this option to create a VPN tunnel between the authenticated users and the internal network. This allows the users to access the resources on the network as if they were on the same local network. This includes access to resources not supported by SSL application objects. For example this lets users Telnet to the internal network even though the ZyWALL does not have SSL application objects for Telnet.
Clear this option to disable this feature. Users can only access the applications as defined by the VPN tunnel’s selected SSL application settings and the remote user computers are not made to be a part of the local network.
|
||
|
Force all client traffic to SSL VPN tunnel
|
Select this to send all traffic from the SSL VPN clients through the SSL VPN tunnel. This replaces the default gateway of the SSL VPN clients with the SSL VPN gateway.
|
||
|
The SSL VPN IP pool cannot overlap with IP addresses on the ZyWALL's local networks (LAN and DMZ for example), the SSL user's network, or the networks you specify in the SSL VPN Network List.
|
|||
|
DNS/WINS Server 1..2
|
Select the name of the DNS or WINS server whose information the ZyWALL sends to the remote users. This allows them to access devices on the local network using domain names instead of IP addresses.
|
||
|
To allow user access to local network(s), select a network name in the Selectable Address Objects list and click >> to add to the Selected Address Objects list. You can select more than one network.
To block access to a network, select the network name in the Selected Address Objects list and click <<.
|
|||
|
Network Extension Local IP
|
|||
|
SSL VPN Login Domain Name 1/2
|
Specify a full domain name for users to use for SSL VPN login. The domain name must be registered to one of the ZyWALL’s IP addresses or be one of the ZyWALL’s DDNS entries. You can specify up to two domain names so you could use one domain name for each of two WAN ports. For example, www.zyxel.com is a fully qualified domain name where “www” is the host.
|
||
|
Specify a message to display on the screen when a user logs in and an SSL VPN connection is established successfully. You can enter up to 60 characters (0-9, a-z, A-Z, '()+,/:=?;!*#@$_%-") with spaces allowed.
|
|||
|
Specify a message to display on the screen when a user logs out and the SSL VPN connection is terminated successfully. You can enter up to 60 characters (0-9, a-z, A-Z, '()+,/:=?;!*#@$_%-") with spaces allowed.
|
|||
|
Update Client Virtual Desktop Logo
|
You can upload a graphic logo to be displayed on the web browser on the remote user computer. The ZyXEL company logo is the default logo.
Specify the location and file name of the logo graphic or click Browse to locate it.
|
||
|
Click Browse to locate the graphic file on your computer.
|
|||
|
Click Upload to transfer the specified graphic file from your computer to the ZyWALL.
|
|||
|
Reset Logo to Default
|
Click Reset Logo to Default to display the ZyXEL company logo on the remote user’s web browser.
|
||
|
Click Apply to save the changes and/or start the logo file upload process.
|
|||
|
Click Reset to return the screen to its last-saved settings.
|
|||
|
1
|
|
2
|
Click Browse to locate the logo graphic. Make sure the file is in GIF, JPG, or PNG format.
|
|
3
|
Click Apply to start the file transfer process.
|
|
1
|
Click Configuration > VPN > SSL VPN > Access Privilege > Add and click Create New Object > Application to create an SSL application object. Set the Type to Web Application, the Server Type to Web Server, and the URL to http://info. Select Web Page Encryption to prevent users from saving the web content.
|
|
2
|
Enable the policy. Enter a descriptive name in the Name field (“SSL-Example” here). Select the users to which to give access (the Sales user group here). Select the SSL application object you created (“WebExample” here). Click OK.
|
|
3
|
Display the ZyWALL’s login screen, enter your user account information (the user name and password), and click SSL VPN to establish an SSL VPN connection.
|
|
4
|
Your computer starts establishing a secure connection to the ZyWALL after the login. This may take up to two minutes. If you get a message about needing Java, download and install it and restart your browser and re-login. If a certificate warning screen displays, click OK, Yes or Continue.
|
|
5
|
The client portal screen displays after the connection is up. In this example, click the Web Server link to go to http://info.
|