ZyWALL USG 50 User’s Guide
Chapter 24 SSL VPN

24.1 Overview
Use SSL VPN to allow users to use a web browser for secure remote user login. The remote users do not need a VPN router or VPN client software.
24.1.1 What You Can Do in this Chapter

• Use the VPN > SSL VPN > Access Privilege screens (see Section 24.2 on page 413) to configure SSL access policies.
• Use the VPN > SSL VPN > Global Setting screen (see Section 24.3 on page 416) to set the IP address of the ZyWALL (or a gateway device) on your network for full tunnel mode access, enter access messages or upload a custom logo to be displayed on the remote user screen.
24.1.2 What You Need to Know
Full Tunnel Mode
In full tunnel mode, a virtual connection is created for remote users with private
IP addresses in the same subnet as the local network. This allows them to access
network resources in the same way as if they were part of the internal network.
Figure 240 Network Access Mode: Full Tunnel Mode
SSL Access Policy
An SSL access policy allows the ZyWALL to perform the following tasks:
• apply Endpoint Security (EPS) checking to require users’ computers to comply with defined corporate policies before they can access the SSL VPN tunnel.
• limit user access to specific applications or files on the network.
• allow user access to specific networks.
• assign private IP addresses and provide DNS/WINS server information to remote users to access internal networks.
SSL Access Policy Objects
The SSL access policies reference the following objects (see Table 119). If you
update an object, the ZyWALL automatically propagates the changes through the
SSL policies that use the object(s). When you delete an SSL policy, the objects
are not removed.
You cannot delete an object that is referenced by an SSL access policy. To delete
the object, you must first unassociate the object from the SSL access policy.
Finding Out More
• See Section 6.5.16 on page 102 for related information on these screens.
• See Section 24.4 on page 419 for how to establish an SSL VPN connection to the ZyWALL (after you have configured the SSL VPN settings on the ZyWALL).
• See Chapter 44 on page 665 for details on endpoint security objects.
• See Chapter 43 on page 659 for details on SSL application objects.
Table 119 Objects

| OBJECT TYPE | OBJECT SCREEN | DESCRIPTION |
|---|---|---|
| User Accounts | User Account/User Group | Configure a user account or user group to which you want to apply this SSL access policy. |
| Endpoint Security | Endpoint Security | Endpoint Security (EPS) checking makes sure users’ computers comply with defined corporate policies before they can access the SSL VPN tunnel. |
| Application | SSL Application | Configure an SSL application object to specify the type of application and the address of the local computer, server, or web site SSL users are to be able to access. |
| IP Pool | Address | Configure an address object that defines a range of private IP addresses to assign to user computers so they can access the internal network through a VPN connection. |
| Server Addresses | Address | Configure address objects for the IP addresses of the DNS and WINS servers that the ZyWALL sends to the VPN connection users. |
| VPN Network | Address | Configure an address object to specify which network segment users are allowed to access through a VPN connection. |
24.2 The SSL Access Privilege Screen

Click VPN > SSL VPN to open the Access Privilege screen. This screen lists the configured SSL access policies.

Figure 241 VPN > SSL VPN > Access Privilege
The following table describes the labels in this screen.
Table 120 VPN > SSL VPN > Access Privilege

| LABEL | DESCRIPTION |
|---|---|
| Add | Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. |
| Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. |
| Remove | To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. |
| Activate | To turn on an entry, select it and click Activate. |
| Inactivate | To turn off an entry, select it and click Inactivate. |
| Move | To move an entry to a different number in the list, click the Move icon. In the field that appears, specify the number to which you want to move the interface. |
| Object References | Select an entry and click Object References to open a screen that shows which settings use the entry. See Section 11.3.2 on page 230 for an example. |
| # | This field displays the index number of the entry. |
| Status | This icon is lit when the entry is active and dimmed when the entry is inactive. |
| Name | This field displays the descriptive name of the SSL access policy for identification purposes. |
| User/Group | This field displays the user account or user group name(s) associated to an SSL access policy. This field displays up to three names. |
| Access Policy Summary | This field displays details about the SSL application object this policy uses including its name, type, and address. |
24.2.1 The SSL Access Policy Add/Edit Screen

To create a new or edit an existing SSL access policy, click the Add or Edit icon in the Access Privilege screen.

Figure 242 VPN > SSL VPN > Access Privilege > Add/Edit
Table 120 VPN > SSL VPN > Access Privilege (continued)

| LABEL | DESCRIPTION |
|---|---|
| Apply | Click Apply to save the settings. |
| Reset | Click Reset to discard all changes. |
The following table describes the labels in this screen.
Table 121 VPN > SSL VPN > Access Privilege > Add/Edit

| LABEL | DESCRIPTION |
|---|---|
| Create new Object | Use to configure any new settings objects that you need to use in this screen. |
| Configuration | |
| Enable Policy | Select this option to activate this SSL access policy. |
| Name | Enter a descriptive name to identify this policy. You can enter up to 15 characters (“a-z”, “A-Z”, “0-9”) with no spaces allowed. |
| Description | Enter additional information about this SSL access policy. You can enter up to 31 characters (“0-9”, “a-z”, “A-Z”, “-” and “_”). |
| Clean browser cache when user logs out | Select this to clean the cookie, history, and temporary Internet files in the user’s browser’s cache when the user logs out. The ZyWALL returns them to the values present before the user logged in. |
| User/Group | The Selectable User/Group Objects list displays the name(s) of the user account and/or user group(s) to which you have not applied an SSL access policy yet. To associate a user or user group to this SSL access policy, select a user account or user group and click >> to add to the Selected User/Group Objects list. You can select more than one name. To remove a user or user group, select the name(s) in the Selected User/Group Objects list and click <<. |
| Endpoint Security (EPS) | Use these fields to make sure users’ computers meet an endpoint security object’s Operating System (OS) and security requirements before granting access. |
| Enable EPS Checking | Select this to have the ZyWALL check that users’ computers meet the Operating System (OS) and security requirements of one of the SSL access policy’s selected endpoint security objects before granting access. |
| Periodical checking time | Select this and specify a number of minutes to have the ZyWALL repeat the endpoint security check at a regular interval. |
| Available EPS Objects / Selected EPS Objects | Configured endpoint security objects appear on the left. Select the endpoint security objects to use for this SSL access policy and click the right arrow button to add them to the selected list on the right. Use the [Shift] and/or [Ctrl] key to select multiple objects. Select any endpoint security objects that you want to remove from the selected list and click the left arrow button to remove them. The ZyWALL checks authenticated users’ computers against the SSL access policy’s selected endpoint security objects in the order you list them here. When a user’s computer matches an endpoint security object the ZyWALL grants access and stops checking. Select an endpoint security object and use the up and down arrows to change its position in the list. To make the endpoint security check as efficient as possible, arrange the endpoint security objects in order with the one that the most users should match first and the one that the least users should match last. |
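
The first-match check described for the Selected EPS Objects list, modelled as an added example (this is not ZyWALL code; the EpsObject fields and the sample fleet are constructed assumptions). It shows that the list order changes only how many objects are checked, while access is granted whenever any selected object matches, so one lax object in the list admits computers that the stricter objects reject.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EpsObject:  # hypothetical stand-in for an endpoint security object
    name: str
    os: str
    needs_av: bool
    needs_firewall: bool

    def matches(self, pc: dict) -> bool:
        # A requirement is satisfied if the PC has the feature or it is not required.
        return (pc["os"] == self.os
                and (pc["av"] or not self.needs_av)
                and (pc["firewall"] or not self.needs_firewall))

def check(pc, ordered_objects):
    """Return (granted, matched object name, number of objects checked)."""
    for n, obj in enumerate(ordered_objects, start=1):
        if obj.matches(pc):
            return True, obj.name, n  # grant access and stop checking
    return False, None, len(ordered_objects)

def total_checks(fleet, ordered_objects):
    """Total object comparisons needed to evaluate every computer once."""
    return sum(check(pc, ordered_objects)[2] for pc in fleet)

def granted(fleet, ordered_objects):
    """Indexes of the computers that are granted access."""
    return {i for i, pc in enumerate(fleet) if check(pc, ordered_objects)[0]}

WIN_STRICT = EpsObject("win-strict", "windows", True, True)
MAC_AV = EpsObject("mac-av", "macos", True, False)
WIN_LAX = EpsObject("win-lax", "windows", False, False)

# Constructed fleet: 8 compliant Windows PCs, 2 Macs, 1 unprotected Windows PC.
FLEET = ([{"os": "windows", "av": True, "firewall": True}] * 8
         + [{"os": "macos", "av": True, "firewall": False}] * 2
         + [{"os": "windows", "av": False, "firewall": False}])

if __name__ == "__main__":
    print("least-matched first:", total_checks(FLEET, [MAC_AV, WIN_STRICT]))
    print("most-matched first: ", total_checks(FLEET, [WIN_STRICT, MAC_AV]))
    print("unprotected PC:     ", check(FLEET[-1], [WIN_STRICT, MAC_AV]))
    print("with a lax object:  ", check(FLEET[-1], [WIN_STRICT, MAC_AV, WIN_LAX]))
```

When reviewing a policy, read the selected list as an OR of its objects: the least strict object a computer can match is the effective requirement for that computer.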
