Nortel 4050 用户指南
13
Nortel Secure Network Access Switch 4050 Configuration – Using TunnelGuard System Agent
Chapter 1
TunnelGuard
TunnelGuard
TunnelGuard enables you to impose a security policy on the client PC when it is
connected to the corporate network through the Nortel Secure Network Access
Switch (SNAS). This policy defines the firewall and security software, or
Software Requirement Set (SRS), that must be installed and activated on the client
PC while the PC is connected to the gateway.
connected to the corporate network through the Nortel Secure Network Access
Switch (SNAS). This policy defines the firewall and security software, or
Software Requirement Set (SRS), that must be installed and activated on the client
PC while the PC is connected to the gateway.
TunnelGuard is comprised of the following components:
•
TunnelGuard agent — is the desktop application running on client desktop
PCs that connect to Secure Network. This application monitors the state of
rules on desktops that are enforced by TunnelGuard daemon and reports their
status back to Secure Network.
The installable TunnelGuard agent is installed on the end user's system as a
Windows System Service. The TunnelGuard agent provides single sign-on
and machine authentication functions.
PCs that connect to Secure Network. This application monitors the state of
rules on desktops that are enforced by TunnelGuard daemon and reports their
status back to Secure Network.
The installable TunnelGuard agent is installed on the end user's system as a
Windows System Service. The TunnelGuard agent provides single sign-on
and machine authentication functions.
•
Software Requirement Set (SRS) builder — provides an interface for
administrators to create and modify Software Requirement Sets (SRS) and
rules. These requirements and rules are assigned to groups of users and
enforced on client PCs connecting to either VPN Router or SNAS.
administrators to create and modify Software Requirement Sets (SRS) and
rules. These requirements and rules are assigned to groups of users and
enforced on client PCs connecting to either VPN Router or SNAS.
TunnelGuard agent
The TunnelGuard agent runs on the client desktop PC and is responsible for
processing and checking the SRS rules. For example, the TunnelGuard agent
checks that the required components (executable files, DLLs, configuration files)
necessary to comprise a personal firewall are installed and active. Because it is
completely provisioned from the gateway, the TunnelGuard agent is invisible to
the end user.
processing and checking the SRS rules. For example, the TunnelGuard agent
checks that the required components (executable files, DLLs, configuration files)
necessary to comprise a personal firewall are installed and active. Because it is
completely provisioned from the gateway, the TunnelGuard agent is invisible to
the end user.
The TunnelGuard agent features are: