SSL VPN
See the SSL VPN section for related information on these screens.
SSL Access Policy
An SSL access policy allows the ZyWALL to perform the following tasks:
SSL Access Policy Objects
Your ZyWALL uses the object-based configuration approach in which related settings are grouped into an object. Once you have set up an object, you can apply and reuse it in other configuration screens. Thus, the object-based approach minimizes repetitive configuration steps and helps to reduce management and configuration efforts.
Objects store information and are referenced in the SSL Access Privilege screen. If you update this information, in response to changes, the ZyWALL automatically propagates the changes through the SSL policies that use the object(s). When you delete an SSL policy, the objects are not removed.
The following table gives an overview of the settings you can configure in the corresponding Object screens or through the SSL Access Privilege screen.
SSL Access Policy Limitations
You cannot delete an object that is used by an SSL access policy. To delete the object, you must first unassociate the object from the SSL access policy.
SSL Access Privilege List
This screen displays a summary of the SSL access policy(ies) you have configured.
Creating/Editing an SSL Access Policy
To create a new or edit an existing SSL access policy, click the Add or Edit icon in the Access Privilege screen.
VPN > SSL VPN > Access Privilege > Add/Edit
label description Configuration Enable Select this option to activate this SSL access policy. Name Enter a descriptive name to identify this policy. You can enter up to 15 characters ("a-z", A-Z", "0-9") with no spaces allowed. Description Enter additional information about this SSL access policy. You can enter up to 31 characters ("0-9", "a-z", "A-Z", "-" and "_"). User/Group The Available list displays the name(s) of the user account and/or user group(s) to which you have not applied an SSL access policy yet.To associate a user or user group to this SSL access policy, select a user account or user group and click >> to add to the Member list. You can select more than one name.To remove a user or user group, select the name(s) in the Member list and click <<. Add Click Add to display a screen you use to create a new user account or user group name (see User Add/Edit for details). SSL Application List The Available list displays the name(s) of the SSL application(s) you can select for this SSL access policy.To associate an SSL application to this SSL access policy, select a name and click >> to add to the Member list. You can select more than one application.To remove an SSL application, select the name(s) in the Member list and click <<. Add Click Add to create a new SSL application object. Refer to Creating/Editing an SSL Application for more information. Network Extension Enable Network Extension Select this option to create a VPN tunnel between the authenticated users and the internal network. This allows the users to access the resources on the network as if they were on the same local network.Clear this option to disable this feature. Users can only access the applications as defined by the selected SSL application settings and the remote user computers are not made to be a part of the local network. Assign IP Pool Select the name of the IP address pool from which an IP address is assigned to the user computer to establish a VPN connection.Note: Make sure other devices on the local network do not use these IP addresses.
DNS/WINS Server 1..2 Select the name of the DNS or WINS server whose information the ZyWALL sends to the remote users. This allows them to access devices on the local network using domain names instead of IP addresses. Network List To allow user access to local network(s), select a network name in the Available list and click >> to add to the Member list. You can select more than one network.To block access to a network, select the network name in the Member list and click <<. Add Click Add to create a new network object. Refer to Addresses for more information. Ok Click Ok to save the changes and return to the main Access Privilege screen. Cancel Click Cancel to discard all changes and return to the main Access Privilege screen.
SSL Connection Monitor
The ZyWALL keeps track of the users who are currently logged into the VPN SSL client portal. Use this screen to do the following:
Once a user logs out, the corresponding entry is removed from the Connection Monitor screen.
Configuring SSL Global Setting
Use this screen to set the IP address of the ZyWALL (or a gateway device) on your network, enter access messages or upload a custom logo to be displayed on the remote user screen.
Uploading a Custom Logo
Follow the steps below to upload a custom logo on the ZyWALL.