ZyXEL Communications 3.1 User Manual

ZyWALL (ZLD) CLI Reference Guide
Chapter 35
Endpoint Security
This chapter describes how to configure endpoint security objects for use in authentication policy 
and SSL VPN.
35.1  Endpoint Security Overview
Use Endpoint Security (EPS), also known as endpoint control, to make sure users’ computers 
comply with defined corporate policies before they can access the network or an SSL VPN tunnel. 
After a successful user authentication, a user’s computer must meet the endpoint security object’s 
Operating System (OS) option and security requirements to gain access. You can configure the 
endpoint security object to require a user’s computer to match just one of the endpoint security 
object’s checking criteria or all of them. Configure endpoint security objects to use with the 
authentication policy and SSL VPN features. 
What Endpoint Security Can Check
The settings endpoint security can check vary depending on the OS of the user’s computer. 
Depending on the OS, EPS can check user computers for the following:
• Operating System (Windows, Linux, Mac OSX, or others)
• Windows version and service pack version
• Windows Auto Update setting and installed security patches
• Personal firewall installation and activation 
• Anti-virus installation and activation 
• Windows registry settings
• Processes that the endpoint must execute
• Processes that the endpoint cannot execute
• The size and version of specific files
Multiple Endpoint Security Objects
You can configure an authentication policy or SSL VPN policy to use multiple endpoint security 
objects. This allows checking of computers with different OSs or security settings. When a client 
attempts to log in, the ZyWALL checks the client’s computer against the endpoint security objects 
one by one. The client’s computer must match one of the force authentication or SSL VPN policy’s 
endpoint security objects in order to gain access.
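
The matching rules described above (OS option plus "just one" or "all" of the checking criteria, with multiple objects checked one by one) can be modelled as follows. This is an added example, not ZyXEL code or ZyWALL CLI syntax; the class, field and object names and the sample posture are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class EpsObject:
    """Hypothetical model of one endpoint security object."""
    name: str
    os: str                                     # the object's OS option
    checks: dict = field(default_factory=dict)  # label -> callable(posture) -> bool
    match_all: bool = True                      # True: all criteria, False: just one

    def evaluate(self, posture):
        """Return (passed, labels of failed criteria) for a reported posture."""
        if posture.get("os") != self.os:
            return False, ["os"]                # OS option must always match
        failed = [label for label, chk in self.checks.items() if not chk(posture)]
        if self.match_all:
            return not failed, failed
        # "Just one" mode: a single passing criterion is enough.
        return (not self.checks or len(failed) < len(self.checks)), failed

def first_match(objects, posture):
    """Check the objects one by one; return the first matching name or None."""
    for obj in objects:
        passed, _ = obj.evaluate(posture)
        if passed:
            return obj.name
    return None

# Constructed criteria, taken from the kinds of checks listed in this chapter.
CHECKS = {
    "firewall_active": lambda p: p.get("firewall_active", False),
    "antivirus_active": lambda p: p.get("antivirus_active", False),
    "forbidden_process_absent":
        lambda p: not set(p.get("processes", [])) & {"p2p.exe"},
}
STRICT = EpsObject("win-strict", "windows", CHECKS, match_all=True)
LOOSE = EpsObject("win-loose", "windows", CHECKS, match_all=False)
LINUX = EpsObject("linux-basic", "linux",
                  {"firewall_active": CHECKS["firewall_active"]})

# Constructed posture: firewall on, anti-virus off, forbidden process running.
HOST = {"os": "windows", "firewall_active": True,
        "antivirus_active": False, "processes": ["p2p.exe"]}

if __name__ == "__main__":
    print(STRICT.evaluate(HOST))                    # fails two criteria
    print(first_match([STRICT, LINUX], HOST))       # no object matches
    print(first_match([STRICT, LINUX, LOOSE], HOST))  # admitted by the loose object
```

Because a client only has to match one object, the least strict object attached to a policy sets the effective bar for access, so review "just one" objects together with every other object on the same policy.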