ZyXEL Communications 91-009-073003B ユーザーズマニュアル
ZyWALL USG 50 User’s Guide
665
C
H A P T E R
4 4
Endpoint Security
44.1 Overview
Use Endpoint Security (EPS), also known as endpoint control, to make sure users’
computers comply with defined corporate policies before they can access the
network or an SSL VPN tunnel. After a successful user authentication, a user’s
computer must meet the endpoint security object’s Operating System (OS) option
and security requirements to gain access. You can configure the endpoint security
object to require a user’s computer to match just one of the endpoint security
object’s checking criteria or all of them. Configure endpoint security objects to use
with the authentication policy and SSL VPN features.
computers comply with defined corporate policies before they can access the
network or an SSL VPN tunnel. After a successful user authentication, a user’s
computer must meet the endpoint security object’s Operating System (OS) option
and security requirements to gain access. You can configure the endpoint security
object to require a user’s computer to match just one of the endpoint security
object’s checking criteria or all of them. Configure endpoint security objects to use
with the authentication policy and SSL VPN features.
For example, an authentication policy could use an endpoint security object that
requires a LAN user’s computer to pass all of the object’s checking items in order
to access the network. LAN user A passes all of the checks and is given access. An
SSL VPN tunnel could use a different endpoint security profile that only requires
the user’s computer to match at least one checked item. SSL VPN user B matches
at least one of the items checked by the SSL VPN’s endpoint security object and is
granted access to the system resource defined in the SSL VPN access policy; in
this example a web server. SSL VPN user C fails all of the SSL VPN’s endpoint
security check and is not given any access.
requires a LAN user’s computer to pass all of the object’s checking items in order
to access the network. LAN user A passes all of the checks and is given access. An
SSL VPN tunnel could use a different endpoint security profile that only requires
the user’s computer to match at least one checked item. SSL VPN user B matches
at least one of the items checked by the SSL VPN’s endpoint security object and is
granted access to the system resource defined in the SSL VPN access policy; in
this example a web server. SSL VPN user C fails all of the SSL VPN’s endpoint
security check and is not given any access.
Figure 379 Endpoint Security