ZyXEL Communications ZyWall USG 2000 User Manual page 494

Chapter 26 SSL VPN
Table 130 VPN > SSL VPN > Access Privilege > Add/Edit (continued)
LABEL
Available EPS
Objects /
Selected EPS
Objects
SSL Application
List (Optional)
Network
Extension
(Optional)
Enable Network
Extension
Assign IP Pool
DNS/WINS
Server 1..2
Network List
494
DESCRIPTION
Configured endpoint security objects appear on the left. Select the
endpoint security objects to use for this SSL access policy and click the
right arrow button to add them to the selected list on the right. Use the
[Shift] and/or [Ctrl] key to select multiple objects. Select any endpoint
security objects that you want to remove from the selected list and click
the left arrow button to remove them.
The ZyWALL checks authenticated users' computers against the SSL
access policy's selected endpoint security objects in the order you list
them here. When a user's computer matches an endpoint security
object the ZyWALL grants access and stops checking. Select an
endpoint security object and use the up and down arrows to change it's
position in the list. To make the endpoint security check as efficient as
possible, arrange the endpoint security objects in order with the one
that the most users should match first and the one that the least users
should match last.
The Selectable Application Objects list displays the name(s) of the
SSL application(s) you can select for this SSL access policy.
To associate an SSL application to this SSL access policy, select a name
and click >> to add to the Selected Application Objects list. You can
select more than one application.
To remove an SSL application, select the name(s) in the Selected
Application Objects list and click <<.
Select this option to create a VPN tunnel between the authenticated
users and the internal network. This allows the users to access the
resources on the network as if they were on the same local network.
Clear this option to disable this feature. Users can only access the
applications as defined by the selected SSL application settings and the
remote user computers are not made to be a part of the local network.
Define a separate pool of IP addresses to assign to the SSL users. Select
it here.
The SSL VPN IP pool cannot overlap with IP addresses on the ZyWALL's
local networks (LAN and DMZ for example), the SSL user's network, or
the networks you specify in the SSL VPN Network List.
Select the name of the DNS or WINS server whose information the
ZyWALL sends to the remote users. This allows them to access devices
on the local network using domain names instead of IP addresses.
To allow user access to local network(s), select a network name in the
Selectable Address Objects list and click >> to add to the Selected
Address Objects list. You can select more than one network.
To block access to a network, select the network name in the Selected
Address Objects list and click <<.
ZyWALL USG 2000 User's Guide