Introducing the VPN Gateway
• SSL Secondary authentication
• IPsec Two Factor authentication
User Authorization
User authorization is controlled through the user's group membership. Two different
authorization profile types are supported:
• The base profile defines a group member's access rights to networks, services and
paths.
• The extended profile (optional) also defines a group member's access rights depending
on conditions related to the user's connection, for example, source network,
authentication method, access method, client certificate installed and/or Tunnel Guard
checks passed.
Client Security
• Avaya Endpoint Access Control Agent. Feature for checking the security aspects of the
remote PC client, that is, installed antivirus software, DLLs, executables and so on.
• WholeSecurity support. Lets you enable a scan of the client PC before the remote user
is allowed to log in to the VPN.
• User session auto-logoff.
• Cache and browser history automatically cleared (only for Internet Explorer).
Accounting and Auditing
• Support for logging user session start and stop messages to a syslog or RADIUS
accounting server. The messages can include VPN ID, user name, gateway address,
session ID, session time and cause of termination.
• Support for logging CLI and Web User Interface operations (for example, login, logout
and executed operation) to a syslog or RADIUS accounting server.
24
User Guide
Comments? infodev@avaya.com
April 2013