ZyXEL Communications Security Camera 3.1 ユーザーズマニュアル
Chapter 18 SSL VPN
ZyWALL (ZLD) CLI Reference Guide
152
The following sections list the SSL VPN commands.
18.2.1 SSL VPN Commands
This table lists the commands for SSL VPN. You must use the
configure terminal
command to
enter the configuration mode before you can use these commands.
user_name
The name of a user (group). You may use 1-31 alphanumeric characters,
underscores(
underscores(
_
), or dashes (-), but the first character cannot be a number. This value
is case-sensitive.
eps_profile_name
The name of an endpoint security object.
Table 77
Input Values for SSL VPN Commands (continued)
LABEL
DESCRIPTION
Table 78
SSL VPN Commands
COMMAND
DESCRIPTION
show sslvpn policy [profile_name]
Displays the settings of the specified SSL VPN access policy.
show ssl-vpn network-extension local-ip
Displays the IP address that the ZyWALL uses in setting up the SSL VPN.
show sslvpn monitor
Displays a list of the users who are currently logged into the VPN SSL client
portal.
portal.
sslvpn network-extension local-ip ip
Sets the IP address that the ZyWALL uses in setting up the SSL VPN.
sslvpn policy {profile_name |
profile_name append | profile_name
insert <1..16>}
Enters the SSL VPN sub-command mode to add or edit an SSL VPN access
policy.
policy.
[no] activate
Turns the SSL VPN access policy on or off.
[no] application
application_object
Adds the SSL application object to the SSL VPN access policy.
[no] cache-clean activate
Cleans the cookie, history, and temporary Internet files in the user’s
browser’s cache when the user logs out. The ZyWALL returns them to the
values present before the user logged in. The no command disables this
setting.
browser’s cache when the user logs out. The ZyWALL returns them to the
values present before the user logged in. The no command disables this
setting.
[no] description description
Adds information about the SSL VPN access policy. Use up to 60 characters
(“0-9”, “a-z”, “A-Z”, “-” and “_”).
(“0-9”, “a-z”, “A-Z”, “-” and “_”).
[no] eps <1..8> eps_profile_name
Sets endpoint security objects to be used for the SSL VPN access policy.
The ZyWALL checks authenticated users’ computers against the policy’s
selected endpoint security objects in the order from 1 to 8 you specified.
When a user’s computer meets an endpoint security object’s requirements
the ZyWALL grants access and stops checking.
The ZyWALL checks authenticated users’ computers against the policy’s
selected endpoint security objects in the order from 1 to 8 you specified.
When a user’s computer meets an endpoint security object’s requirements
the ZyWALL grants access and stops checking.
To make the endpoint security check as efficient as possible, arrange the
endpoint security objects in order with the one that the most users should
match first and the one that the least users should match last.
endpoint security objects in order with the one that the most users should
match first and the one that the least users should match last.
[no] eps activate
Sets to have the ZyWALL check that users’ computers meet the Operating
System (OS) and security requirements of one of the SSL access policy’s
selected endpoint security objects before granting access. The no
command disables this setting.
System (OS) and security requirements of one of the SSL access policy’s
selected endpoint security objects before granting access. The no
command disables this setting.
eps insert <1..8> eps_profile_name
Inserts the specified endpoint security object to the specified position for
the endpoint security objects checking order.
the endpoint security objects checking order.
eps move <1..8> to <1..8>
Moves the first specified endpoint security object to the second specified
endpoint security object’s position.
endpoint security object’s position.
[no] eps periodical-check activate
Sets whether to have the ZyWALL repeat the endpoint security check at a
regular interval configured using the next command. The no command
disables this setting.
regular interval configured using the next command. The no command
disables this setting.