Endpoint Security; Chapter 31 Endpoint Security; Endpoint Security Overview - ZyXEL Communications UAG Series Cli Reference Manual

This chapter describes how to configure endpoint security objects for use in authentication policy
and SSL VPN.

31.1 Endpoint Security Overview

Use Endpoint Security (EPS), also known as endpoint control, to make sure users' computers
comply with defined corporate policies before they can access the network or an SSL VPN tunnel.
After a successful user authentication, a user's computer must meet the endpoint security object's
Operating System (OS) option and security requirements to gain access. You can configure the
endpoint security object to require a user's computer to match just one of the endpoint security
object's checking criteria or all of them. Configure endpoint security objects to use with the
authentication policy and SSL VPN features.
What Endpoint Security Can Check
The settings endpoint security can check vary depending on the OS of the user's computer.
Depending on the OS, EPS can check user computers for the following:
• Operating System (Windows, Linux, Mac OSX, or others)
• Windows version and service pack version
• Windows Auto Update setting and installed security patches
• Personal firewall installation and activation
• Anti-virus installation and activation
• Windows registry settings
• Processes that the endpoint must execute
• Processes that the endpoint cannot execute
• The size and version of specific files
Multiple Endpoint Security Objects
You can configure an authentication policy or SSL VPN policy to use multiple endpoint security
objects. This allows checking of computers with different OSs or security settings. When a client
attempts to log in, the UAG checks the client's computer against the endpoint security objects one-
by-one. The client's computer must match one of the force authentication or SSL VPN policy's
endpoint security policies in order to gain access.
UAG CLI Reference Guide
C
HAPTER

Endpoint Security

3 1
193