Chapter 24 SSL VPN

Table 123 VPN > SSL VPN > Access Privilege > Add/Edit (continued)

| LABEL | DESCRIPTION |
|---|---|
| Available EPS Objects / Selected EPS Objects | Configured endpoint security objects appear on the left. Select the endpoint security objects to use for this SSL access policy and click the right arrow button to add them to the selected list on the right. Use the [Shift] and/or [Ctrl] key to select multiple objects. Select any endpoint security objects that you want to remove from the selected list and click the left arrow button to remove them. The ZyWALL checks authenticated users' computers against the SSL access policy's selected endpoint security objects in the order you list them here. When a user's computer matches an endpoint security object, the ZyWALL grants access and stops checking. Select an endpoint security object and use the up and down arrows to change its position in the list. To make the endpoint security check as efficient as possible, arrange the endpoint security objects in order, with the one that the most users should match first and the one that the fewest users should match last. |
| SSL Application List (Optional) | The Selectable Application Objects list displays the name(s) of the SSL application(s) you can select for this SSL access policy. To associate an SSL application with this SSL access policy, select a name and click >> to add it to the Selected Application Objects list. You can select more than one application. To remove an SSL application, select the name(s) in the Selected Application Objects list and click <<. |
| Network Extension (Optional) | |
| Enable Network Extension | Select this option to create a VPN tunnel between the authenticated users and the internal network. This allows the users to access the resources on the network as if they were on the same local network. Clear this option to disable this feature. Users can then only access the applications defined by the selected SSL application settings, and the remote user computers are not made part of the local network. |
| Assign IP Pool | Define a separate pool of IP addresses to assign to the SSL users. Select it here. The SSL VPN IP pool cannot overlap with IP addresses on the ZyWALL's local networks (LAN and DMZ for example), the SSL user's network, or the networks you specify in the SSL VPN Network List. |
| DNS/WINS Server 1..2 | Select the name of the DNS or WINS server whose information the ZyWALL sends to the remote users. This allows them to access devices on the local network using domain names instead of IP addresses. |
| Network List | To allow user access to local network(s), select a network name in the Selectable Address Objects list and click >> to add it to the Selected Address Objects list. You can select more than one network. To block access to a network, select the network name in the Selected Address Objects list and click <<. |
| OK | Click OK to save the changes and return to the main Access Privilege screen. |
| Cancel | Click Cancel to discard all changes and return to the main Access Privilege screen. |
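
The Assign IP Pool restriction can be verified before the pool is selected. The Python check below is an added example, not part of this guide; the network names and addresses are constructed samples, and it assumes the pool is written either as a subnet or as a start-end range.

```python
import ipaddress


def to_networks(spec):
    """Parse a CIDR subnet ("192.168.1.0/24") or a range ("10.0.0.10-10.0.0.50")."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        # Express the range as the minimal list of CIDR blocks that cover it.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec.strip(), strict=False)]


def pool_conflicts(pool, protected):
    """Return the sorted names of networks that the SSL VPN IP pool overlaps."""
    pool_nets = to_networks(pool)
    hits = set()
    for name, spec in protected.items():
        for net in to_networks(spec):
            if any(p.overlaps(net) for p in pool_nets):
                hits.add(name)
    return sorted(hits)


# Constructed sample addressing (assumption, not taken from the guide):
# the three kinds of network the pool must stay clear of.
PROTECTED = {
    "LAN1": "192.168.1.0/24",                   # ZyWALL local network
    "DMZ": "192.168.3.0/24",                    # ZyWALL local network
    "SSL user's home network": "192.168.0.0/24",
    "Network List: servers": "10.10.0.0/16",    # SSL VPN Network List entry
}

if __name__ == "__main__":
    candidates = (
        "192.168.1.200-192.168.1.220",  # sits inside LAN1
        "10.10.5.0/24",                 # sits inside a Network List entry
        "172.16.200.1-172.16.200.50",   # clear of everything
    )
    for pool in candidates:
        bad = pool_conflicts(pool, PROTECTED)
        print(pool, "->", "OK" if not bad else "overlaps " + ", ".join(bad))
```
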

 

 


 

ZyWALL USG 20/20W User’s Guide