Novell ZENworks Endpoint Security Management 3.5 User Manual

ZENworks® ESM 3.5
Administrator’s Manual
Step 7: Enter the IP address(es) for the VPN Server in the provided field. If multiple addresses are 
entered, separate each with a semicolon (example: 10.64.123.5;66.744.82.36). 
Step 8: Select the Switch-To Location from the drop-down list. The ZSC will switch to this 
selected location once the VPN authenticates (see the Switch-To Location for more 
details). 
Step 9: Check off the Trigger locations where the VPN enforcement rule will be applied. For strict 
VPN enforcement, it is recommended that the default Unknown location be used for this 
policy. Once the network has authenticated, the VPN rule will activate and switch to the 
assigned Switch-To Location. 
Note: 
The location switch will occur BEFORE the VPN connection, once the network has authenticated (see 
Advanced VPN settings). 
Step 10: Enter a Custom User Message which will display when the VPN has authenticated to the 
network. For non-client VPNs, this should be sufficient. 
For VPNs with a client, include a Hyperlink which points to the VPN Client.
Example: C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
This link will launch the application, but the user will still need to log in. (A switch can be 
entered into the Parameters field, or a batch file could be created and pointed to, rather 
than the client executable.) 
Note: 
VPN clients that generate virtual adapters (e.g., Cisco Systems VPN Client 4.0) will display the "Policy 
Has Been Updated" message. The policy has not been updated; the ZSC is simply comparing the virtual 
adapter to any adapter restrictions in the current policy.
The standard VPN Enforcement settings described above make VPN connectivity an option. The 
user will be granted connectivity to the current network whether they launch their VPN or not. For 
stricter enforcement, see Advanced VPN Settings below.
The Switch-to Location
The Switch-to location is the location the ZSC will switch to when the VPN is activated. It is 
recommended that this location contain some restrictions, and only a single restrictive firewall 
setting as its default.
The "All-Closed" firewall setting, which closes all TCP/UDP ports, is recommended for strict VPN 
enforcement. This setting will prevent any unauthorized networking, while the VPN IP address 
will act as an ACL to the VPN server, and permit network connectivity.
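
As an added example (not part of the Novell manual or of ZENworks itself), the Python sketch below checks a Step 7 VPN Server field before it goes into a policy and models the All-Closed behaviour described above, where only the listed VPN server addresses remain reachable. The function names, the whitespace trimming and the reachability model are assumptions for illustration; note that the sample string printed in Step 7 contains an out-of-range octet (744), which the check reports.

```python
import ipaddress


def parse_vpn_server_field(field):
    """Split a semicolon-separated VPN Server field into (valid, problems)."""
    valid, problems = [], []
    for pos, raw in enumerate(field.split(";"), start=1):
        entry = raw.strip()  # assumption: surrounding whitespace is not significant
        if not entry:
            problems.append(f"entry {pos}: empty (stray semicolon)")
            continue
        if "," in entry or " " in entry:
            problems.append(f"entry {pos}: {entry!r} uses a separator other than ';'")
            continue
        try:
            addr = ipaddress.IPv4Address(entry)
        except ipaddress.AddressValueError as exc:
            problems.append(f"entry {pos}: {entry!r} is not an IPv4 address ({exc})")
            continue
        if addr in valid:
            problems.append(f"entry {pos}: {entry!r} is a duplicate")
            continue
        valid.append(addr)
    return valid, problems


def all_closed_permits(dest, vpn_servers):
    """Simplified model of an All-Closed location: every destination is blocked
    except the VPN server addresses, which act as the ACL."""
    return ipaddress.IPv4Address(dest) in vpn_servers


if __name__ == "__main__":
    # Constructed inputs; the first is the example string printed in Step 7.
    for field in ("10.64.123.5;66.744.82.36", "10.64.123.5; 192.0.2.10;;10.64.123.5"):
        servers, issues = parse_vpn_server_field(field)
        print(field, "->", [str(s) for s in servers])
        for issue in issues:
            print("  problem:", issue)
        for dest in ("10.64.123.5", "66.74.82.36"):
            print(f"  {dest} reachable under All-Closed: {all_closed_permits(dest, servers)}")
```

Under this model a mistyped server address never becomes an ACL entry, so the VPN server itself would be unreachable from the All-Closed location; validating the field before publishing the policy avoids that lockout.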