
Chapter 24 SSL VPN
•apply Endpoint Security (EPS) checking to require users’ computers to comply with defined corporate policies before they can access the SSL VPN tunnel.
•limit user access to specific applications or files on the network.
•allow user access to specific networks.
•assign private IP addresses and provide DNS/WINS server information to remote users to access internal networks.
SSL Access Policy Objects
The SSL access policies reference the following objects. If you update this information, in response to changes, the ZyWALL automatically propagates the changes through the SSL policies that use the object(s). When you delete an SSL policy, the objects are not removed.
Table 121 Objects
OBJECT | OBJECT | DESCRIPTION | |
TYPE | SCREEN | ||
| |||
User Accounts | User | Configure a user account or user group to which you want | |
| Account/ | to apply this SSL access policy. | |
| User Group |
| |
|
|
| |
Endpoint | Endpoint | Endpoint Security (EPS) checking makes sure users’ | |
Security | Security | computers comply with defined corporate policies before | |
|
| they can access the SSL VPN tunnel. | |
|
|
| |
Application | SSL | Configure an SSL application object to specify the type of | |
| Application | application and the address of the local computer, server, | |
|
| or web site SSL users are to be able to access. | |
|
|
| |
IP Pool | Address | Configure an address object that defines a range of | |
|
| private IP addresses to assign to user computers so they | |
|
| can access the internal network through a VPN | |
|
| connection. | |
|
|
| |
Server | Address | Configure address objects for the IP addresses of the DNS | |
Addresses |
| and WINS servers that the ZyWALL sends to the VPN | |
|
| connection users. | |
|
|
| |
VPN Network | Address | Configure an address object to specify which network | |
|
| segment users are allowed to access through a VPN | |
|
| connection. | |
|
|
|
You cannot delete an object that is referenced by an SSL access policy. To delete the object, you must first unassociate the object from the SSL access policy.
Finding Out More
•See Section 6.5.15 on page 101 for related information on these screens.
•See Section 24.4 on page 435 for how to establish an SSL VPN connection to the ZyWALL (after you have configured the SSL VPN settings on the ZyWALL).
•See Chapter 42 on page 621 for details on endpoint security objects.
•See Chapter 41 on page 615 for details on SSL application objects.
428 |
| |
ZyWALL USG 20/20W User’s Guide |
| |
|
|
|