SSL VPN

See the SSL VPN section for related information on these screens.

SSL Access Policy

An SSL access policy allows the ZyWALL to perform the following tasks:

SSL Access Policy Objects

Your ZyWALL uses the object-based configuration approach in which related settings are grouped into an object. Once you have set up an object, you can apply and reuse it in other configuration screens. Thus, the object-based approach minimizes repetitive configuration steps and helps to reduce management and configuration efforts.

Objects store information and are referenced in the SSL Access Privilege screen. If you update an object, the ZyWALL automatically propagates the change to the SSL policies that use the object(s). When you delete an SSL policy, the objects are not removed.

The following table gives an overview of the settings you can configure in the corresponding Object screens or through the SSL Access Privilege screen.

Objects

| Object Type | Object Screen | Description |
|---|---|---|
| User Accounts | User Account/User Group | Configure a user account or user group to which you want to apply this SSL access policy. |
| Application | SSL Application | Configure an SSL application object to specify the application type and server users are allowed to access. |
| IP Pool | Address | Configure an address object that defines a range of private IP addresses to assign to user computers so they can access the internal network through a VPN connection. |
| Server Addresses | Address | Configure address objects for the IP addresses of the DNS and WINS servers that the ZyWALL sends to the VPN connection users. |
| VPN Network | Address | Configure an address object to specify which network segment users are allowed to access through a VPN connection. |

SSL Access Policy Limitations

You cannot delete an object that is used by an SSL access policy. To delete the object, you must first unassociate the object from the SSL access policy.

SSL Access Privilege List

This screen displays a summary of the SSL access policy(ies) you have configured.

VPN > SSL VPN > Access Privilege

| Label | Description |
|---|---|
| # | This field displays the index number of the entry. |
| Name | This field displays the descriptive name of the SSL access policy for identification purposes. |
| User/Group | This field displays the user account or user group name(s) associated with an SSL access policy. This field displays up to three names. |
| Application | This field displays the descriptive name of the SSL application object this policy uses. |
| Add icon | This column provides icons to add, edit, and remove policies. To add a new policy, click the Add icon at the top of the column. To activate or disable the policy, click the Activate/Deactivate icon. To edit a policy, click the Edit icon next to the policy. To delete a policy, click the Remove icon next to the policy. To rearrange a policy in the list, click the Move to N icon next to the policy. |
| Apply | Click Apply to save the settings. |
| Reset | Click Reset to discard all changes. |

Creating/Editing an SSL Access Policy

To create a new SSL access policy or edit an existing one, click the Add or Edit icon in the Access Privilege screen.

VPN > SSL VPN > Access Privilege > Add/Edit  

| Label | Description |
|---|---|
| Configuration | |
| Enable | Select this option to activate this SSL access policy. |
| Name | Enter a descriptive name to identify this policy. You can enter up to 15 characters ("a-z", "A-Z", "0-9") with no spaces allowed. |
| Description | Enter additional information about this SSL access policy. You can enter up to 31 characters ("0-9", "a-z", "A-Z", "-" and "_"). |
| User/Group | The Available list displays the name(s) of the user account and/or user group(s) to which you have not applied an SSL access policy yet. To associate a user or user group to this SSL access policy, select a user account or user group and click >> to add to the Member list. You can select more than one name. To remove a user or user group, select the name(s) in the Member list and click <<. |
| Add | Click Add to display a screen you use to create a new user account or user group name (see User Add/Edit for details). |
| SSL Application List | The Available list displays the name(s) of the SSL application(s) you can select for this SSL access policy. To associate an SSL application to this SSL access policy, select a name and click >> to add to the Member list. You can select more than one application. To remove an SSL application, select the name(s) in the Member list and click <<. |
| Add | Click Add to create a new SSL application object. Refer to Creating/Editing an SSL Application for more information. |
| Network Extension | |
| Enable Network Extension | Select this option to create a VPN tunnel between the authenticated users and the internal network. This allows the users to access the resources on the network as if they were on the same local network. Clear this option to disable this feature. Users can then only access the applications defined by the selected SSL application settings, and the remote user computers do not become part of the local network. |
| Assign IP Pool | Select the name of the IP address pool from which an IP address is assigned to the user computer to establish a VPN connection. Note: Make sure other devices on the local network do not use these IP addresses. |
| DNS/WINS Server 1..2 | Select the name of the DNS or WINS server whose information the ZyWALL sends to the remote users. This allows them to access devices on the local network using domain names instead of IP addresses. |
| Network List | To allow user access to local network(s), select a network name in the Available list and click >> to add to the Member list. You can select more than one network. To block access to a network, select the network name in the Member list and click <<. |
| Add | Click Add to create a new network object. Refer to Addresses for more information. |
| Ok | Click Ok to save the changes and return to the main Access Privilege screen. |
| Cancel | Click Cancel to discard all changes and return to the main Access Privilege screen. |
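
The field limits and the Assign IP Pool note above can be checked before a policy is entered on the device. The following Python check is an added example, not ZyXEL code: the policy dictionary layout, the `check_policy` function and the sample addresses are assumptions made for illustration, and it assumes IPv4 addresses.

```python
import ipaddress
import re

# Field limits as stated for the Name and Description fields above.
NAME_RE = re.compile(r"[A-Za-z0-9]{1,15}")
DESC_RE = re.compile(r"[A-Za-z0-9_-]{0,31}")  # assumption: an empty description is accepted


def check_policy(policy, in_use):
    """Return findings for one policy dict (hypothetical layout); [] means none."""
    findings = []
    if not NAME_RE.fullmatch(policy["name"]):
        findings.append("name: need 1-15 characters from a-z, A-Z, 0-9")
    if not DESC_RE.fullmatch(policy.get("description", "")):
        findings.append("description: need at most 31 characters from 0-9, a-z, A-Z, - and _")
    if not policy.get("network_extension"):
        return findings  # application-only access: no IP pool is handed out
    lo, hi = (ipaddress.ip_address(a) for a in policy["ip_pool"])
    if lo > hi:
        findings.append("ip_pool: range start is above range end")
        return findings
    # Assign IP Pool note: no other device on the local network may use a pool address.
    for addr in sorted(ipaddress.ip_address(a) for a in in_use):
        if lo <= addr <= hi:
            findings.append(f"ip_pool: {addr} is already in use on the local network")
    if not policy.get("network_list"):
        findings.append("network_list: tunnel enabled but no network is allowed")
    return findings


# Constructed sample data, not taken from a real device.
SAMPLE_POLICY = {
    "name": "remote staff",  # contains a space, so the Name rule rejects it
    "description": "sales_team-vpn",
    "network_extension": True,
    "ip_pool": ("192.168.200.10", "192.168.200.50"),
    "network_list": ["LAN1_SUBNET"],
}
SAMPLE_IN_USE = ["192.168.200.1", "192.168.200.25", "192.168.1.33"]

if __name__ == "__main__":
    for finding in check_policy(SAMPLE_POLICY, SAMPLE_IN_USE):
        print(finding)
```

The `in_use` list would normally come from DHCP lease tables and static address records for the local network.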

SSL Connection Monitor

The ZyWALL keeps track of the users who are currently logged into the VPN SSL client portal. Use this screen to do the following:

Once a user logs out, the corresponding entry is removed from the Connection Monitor screen.

VPN > SSL VPN > Connection Monitor 

| Label | Description |
|---|---|
| # | This field displays the index number. |
| User | This field displays the account user name used to establish this SSL VPN connection. |
| Access | This field displays the name of the SSL VPN application the user is accessing. |
| Login Address | This field displays the IP address the user used to establish this SSL VPN connection. |
| Connected Time | This field displays the time this connection was established. |
| Inbound (Bytes) | This field displays the number of bytes received by the ZyWALL on this connection. |
| Outbound (Bytes) | This field displays the number of bytes transmitted by the ZyWALL on this connection. |
| | Click the icon to terminate the connection of the user and delete corresponding session information from the ZyWALL. |
| Refresh | Click Refresh to update this screen. |

Configuring SSL Global Setting

Use this screen to set the IP address of the ZyWALL (or a gateway device) on your network, enter access messages or upload a custom logo to be displayed on the remote user screen.

VPN > SSL VPN > Global Setting 

| Label | Description |
|---|---|
| Global Setting | |
| Network Extension IP Address | Specify the IP address of the ZyWALL (or a gateway device) for full tunnel mode SSL VPN access. Leave this field at the default setting unless it conflicts with another interface. |
| Message | |
| Login Message | Specify a message to display on the screen when a user logs in and an SSL VPN connection is established successfully. You can enter up to 31 characters ("a-z", "A-Z", "0-9") with spaces allowed. |
| Logout Message | Specify a message to display on the screen when a user logs out and the SSL VPN connection is terminated successfully. You can enter up to 31 characters ("a-z", "A-Z", "0-9") with spaces allowed. |
| Update Client Virtual Desktop Logo | You can upload a graphic logo to be displayed on the web browser on the remote user computer. The ZyXEL company logo is the default logo. Specify the location and file name of the logo graphic or click Browse to locate it. Note: The logo graphic must be GIF, JPG, or PNG format. The graphic should use a resolution of 127 x 57 pixels to avoid distortion when displayed. The ZyWALL automatically resizes a graphic of a different resolution to 127 x 57 pixels. The file size must be 100 kilobytes or less. Transparent background is recommended. |
| Browse | Click Browse to locate the graphic file on your computer. |
| Upload | Click Upload to transfer the specified graphic file from your computer to the ZyWALL. |
| Reset Logo to Default | Click Reset Logo to Default to display the ZyXEL company logo on the remote user's web browser. |
| Apply | Click Apply to save the changes and/or start the logo file upload process. |
| Reset | Click Reset to start configuring this screen again. |

Uploading a Custom Logo

Follow the steps below to upload a custom logo on the ZyWALL.