Chapter 18 SSL VPN

Table 77 Input Values for SSL VPN Commands (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| user_name | The name of a user (group). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. |
| eps_profile_name | The name of an endpoint security object. |

The following sections list the SSL VPN commands.

18.2.1 SSL VPN Commands

This table lists the commands for SSL VPN. You must use the configure terminal command to enter the configuration mode before you can use these commands.

Table 78 SSL VPN Commands

| COMMAND | DESCRIPTION |
| --- | --- |
| show sslvpn policy [profile_name] | Displays the settings of the specified SSL VPN access policy. |
| show ssl-vpn network-extension local-ip | Displays the IP address that the ZyWALL uses in setting up the SSL VPN. |
| show sslvpn monitor | Displays a list of the users who are currently logged into the VPN SSL client portal. |
| sslvpn network-extension local-ip ip | Sets the IP address that the ZyWALL uses in setting up the SSL VPN. |
| sslvpn policy {profile_name \| profile_name append \| profile_name insert <1..16>} | Enters the SSL VPN sub-command mode to add or edit an SSL VPN access policy. |
| [no] activate | Turns the SSL VPN access policy on or off. |
| [no] application application_object | Adds the SSL application object to the SSL VPN access policy. |
| [no] cache-clean activate | Cleans the cookie, history, and temporary Internet files in the user’s browser’s cache when the user logs out. The ZyWALL returns them to the values present before the user logged in. The no command disables this setting. |
| [no] description description | Adds information about the SSL VPN access policy. Use up to 60 characters (“0-9”, “a-z”, “A-Z”, “-” and “_”). |
| [no] eps <1..8> eps_profile_name | Sets endpoint security objects to be used for the SSL VPN access policy. The ZyWALL checks authenticated users’ computers against the policy’s selected endpoint security objects in the order (1 to 8) that you specified. When a user’s computer meets an endpoint security object’s requirements, the ZyWALL grants access and stops checking. To make the endpoint security check as efficient as possible, arrange the endpoint security objects in order, with the one that the most users should match first and the one that the fewest users should match last. |
| [no] eps activate | Has the ZyWALL check that users’ computers meet the Operating System (OS) and security requirements of one of the SSL access policy’s selected endpoint security objects before granting access. The no command disables this setting. |
| eps insert <1..8> eps_profile_name | Inserts the specified endpoint security object at the specified position in the endpoint security object checking order. |
| eps move <1..8> to <1..8> | Moves the first specified endpoint security object to the second specified endpoint security object’s position. |
| [no] eps periodical-check activate | Sets whether to have the ZyWALL repeat the endpoint security check at a regular interval configured using the next command. The no command disables this setting. |
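
The first-match behaviour of the eps list described in Table 78, modelled in Python as an added example (not ZyXEL code and not taken from this guide); the object names, their rules and the fleet of endpoints are constructed. It shows that the order changes how many checks run but not who is admitted, because matching any one object in the list grants access.

```python
from itertools import permutations

MAX_EPS_SLOTS = 8  # the eps command accepts positions 1..8

# Constructed endpoint security objects (hypothetical names and rules, not
# ZyWALL syntax): each maps a name to a predicate over endpoint attributes.
EPS_OBJECTS = {
    "EPS_win_av": lambda e: e["os"] == "windows" and e["antivirus"],
    "EPS_linux": lambda e: e["os"] == "linux" and e["firewall"],
    "EPS_mac_fw": lambda e: e["os"] == "mac" and e["firewall"],
}

# Constructed fleet of endpoints attempting to log in.
FLEET = (
    [{"os": "windows", "antivirus": True, "firewall": True}] * 6
    + [{"os": "mac", "antivirus": False, "firewall": True}] * 3
    + [{"os": "linux", "antivirus": False, "firewall": True}] * 1
    + [{"os": "windows", "antivirus": False, "firewall": True}] * 2
)

def check_endpoint(order, endpoint):
    """First-match evaluation: return (admitting object or None, checks run)."""
    if len(order) > MAX_EPS_SLOTS:
        raise ValueError("a policy holds at most 8 endpoint security objects")
    for position, name in enumerate(order, start=1):
        if EPS_OBJECTS[name](endpoint):
            return name, position      # access granted, checking stops here
    return None, len(order)            # nothing matched: every object was checked

def total_checks(order, fleet=FLEET):
    """Number of object evaluations needed to process the whole fleet."""
    return sum(check_endpoint(order, e)[1] for e in fleet)

def admitted(order, fleet=FLEET):
    """Number of endpoints granted access under this ordering."""
    return sum(check_endpoint(order, e)[0] is not None for e in fleet)

def best_order(fleet=FLEET):
    """Ordering of all objects that minimises total checks for this fleet."""
    return min(permutations(EPS_OBJECTS), key=lambda o: total_checks(o, fleet))

if __name__ == "__main__":
    for order in permutations(EPS_OBJECTS):
        print(order, "admitted:", admitted(order), "checks:", total_checks(order))
    print("best:", best_order())
```

Because one match is enough, the least strict object in the list sets the effective bar for the policy wherever it is placed.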


ZyWALL (ZLD) CLI Reference Guide