Chapter 21 Authentication Policy

21.1.2 What You Need to Know

Authentication Policy and VPN

Authentication policies are applied based on a traffic flow’s source and destination IP addresses. If VPN traffic matches an authentication policy’s source and destination IP addresses, the user must pass authentication.

Multiple Endpoint Security Objects

You can set an authentication policy to use multiple endpoint security objects. This allows checking of computers with different OSs or security settings. When a client attempts to log in, the ZyWALL checks the client’s computer against the endpoint security objects one-by-one. The client’s computer must match one of the authentication policy’s endpoint security objects in order to gain access.

Forced User Authentication

Instead of making users who have user-aware policies configured for them go to the ZyWALL Login screen manually, you can configure the ZyWALL to display the Login screen automatically whenever it routes HTTP traffic for anyone who has not logged in yet.

Note: This works with HTTP traffic only. The ZyWALL does not display the Login screen when users attempt to send other kinds of traffic.

The ZyWALL does not automatically route the request that prompted the login, however, so users have to make this request again.
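The following is an added example, not ZyWALL code or configuration: a simplified Python model of the three behaviors described above, useful for reasoning about which flows trigger a login prompt. The class names, field names, result strings, addresses and the rule that a policy with no endpoint security objects skips the endpoint check are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class EndpointSecurityObject:
    """Hypothetical model: an OS plus the security settings it requires."""
    os: str
    required: frozenset = frozenset()

@dataclass
class AuthPolicy:
    """Hypothetical model of one authentication policy."""
    source: str                      # source subnet in CIDR form
    destination: str                 # destination subnet in CIDR form
    force_login: bool = False        # forced user authentication
    eps_objects: list = field(default_factory=list)

def policy_matches(policy, src, dst):
    # Policies apply by source and destination IP only, so VPN traffic
    # with matching addresses is covered like any other flow.
    return (ip_address(src) in ip_network(policy.source)
            and ip_address(dst) in ip_network(policy.destination))

def on_traffic(policy, src, dst, protocol, logged_in):
    if not policy_matches(policy, src, dst):
        return "policy-not-applicable"
    if logged_in:
        return "authenticated"
    if policy.force_login and protocol == "http":
        # The original request is not replayed after login.
        return "login-screen-shown"
    # Non-HTTP traffic never triggers the Login screen.
    return "login-required-no-prompt"

def endpoint_check(policy, client_os, client_settings):
    # Assumption: a policy without endpoint security objects skips the check.
    if not policy.eps_objects:
        return True
    # Objects are checked one by one; matching any single object is enough.
    for obj in policy.eps_objects:
        if obj.os == client_os and obj.required <= set(client_settings):
            return True
    return False

# Constructed sample: remote VPN subnet reaching an internal LAN.
SAMPLE_POLICY = AuthPolicy(
    source="10.10.0.0/24", destination="192.168.1.0/24", force_login=True,
    eps_objects=[
        EndpointSecurityObject("windows", frozenset({"firewall", "antivirus"})),
        EndpointSecurityObject("linux", frozenset({"firewall"})),
    ],
)
```

In this model an unauthenticated SSH or FTP flow that matches the policy gets no prompt, so the user has to open the Login screen manually (or send HTTP traffic first) before the session can authenticate.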

Finding Out More

See Section 7.7 on page 133 for an example of how to use endpoint security and authentication policies.

21.2 Authentication Policy Screen

The Authentication Policy screen displays the authentication policies you have configured on the ZyWALL.


ZyWALL USG 50 User’s Guide