ZyXEL Communications 1000 ユーザーズマニュアル

Chapter 23 Authentication Policy

ZyWALL USG 1000 User’s Guide

Authentication policies are applied based on a traffic flow’s source and destination 
IP addresses. If VPN traffic matches an authentication policy’s  source and 
destination IP addresses, the user must pass authentication. 

You can set an authentication policy to use multiple endpoint security objects. This 
allows checking of computers with different OSs or security settings. When a client 
attempts to log in, the ZyWALL checks the client’s computer against the endpoint 
security objects one-by-one. The client’s computer must match one of the 
authentication policy’s endpoint security objects in order to gain access. 

Instead of making users for which user-aware policies have been configured go to 
the ZyWALL Login screen manually, you can configure the ZyWALL to display the 
Login screen automatically whenever it routes HTTP traffic for anyone who has 
not logged in yet. 

Note: This works with HTTP traffic only. The ZyWALL does display the Login screen 

when users attempt to send other kinds of traffic.

The ZyWALL does not automatically route the request that prompted the login, 
however, so users have to make this request again.

 for an example of how to use endpoint security and 

authentication policies.

The Authentication Policy screen displays the authentication policies you have 
configured on the ZyWALL.