Configuring End-Point Security And Access Policies For Ssl Vpn - Novell ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010 Manual


14 Configuring End-Point Security and Access Policies for SSL VPN

Novell® SSL VPN has a set of client integrity check policies to protect your network and
applications from clients that are using insufficient security restraints. SSL VPN also allows you to
configure traffic policies to control access to resources based on the role of the client, and allows
you to configure the client to access the resources either in Kiosk mode only or in Enterprise mode
only.
You can configure a client integrity check policy to run on the client workstations before
establishing a tunnel to the SSL VPN gateway. This check ensures that the users have specified
software installed and running on their systems. You can also configure different levels of security
and assign them to traffic policies.
The traffic policies are a set of rules and regulations, administered to regulate user access to the
protected network resources based on the role of the user and the security level adhered to by the
client machine. The policies ensure that certain actions take place when the user tries to establish an
SSL VPN connection:
1. A client integrity check is performed on the client machine to determine if the client has the
required firewall or antivirus installed on the machine. For more information on how to
configure client integrity checks, see Section 14.1.3, "Configuring Applications for a
Category," on page 92. If the client fails the integrity check, one of the following actions
occurs:
a. If there is a traffic policy configured for that user's role with the security level as none, the
SSL VPN connection is established with minimal access to that client.
b. If there is no traffic policy configured for that user's role with the security level as none,
the SSL VPN connection fails.
2. If the client passes the client integrity check, the level of security at the client machine is
determined depending on the requirements for the different levels configured and the software
installed in the client machine. For more information on how to configure security levels, see
Section 14.2, "Configuring Client Security Levels," on page 95.
3. If the client adheres to the accepted security level, then the SSL VPN connection is made and
the secure tunnel is established between the SSL VPN client and server.
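
The decision flow in steps 1 to 3, written out as an added Python model (not code from the Novell guide or product), with an audit helper that lists the roles for which a client failing the integrity check is still connected. The policy tuples, level definitions, host names and function names are constructed for illustration; trying levels in listed order and refusing the connection when no policy matches the detected level are assumptions the guide does not state.

```python
# Added illustration: a model of the connection decision in steps 1-3.
# Data shapes, names and sample values are constructed, not Novell's.
from typing import NamedTuple

class TrafficPolicy(NamedTuple):
    role: str
    security_level: str   # "none" is the level named in step 1a
    resources: tuple

# Constructed sample configuration.
POLICIES = [
    TrafficPolicy("employee", "high", ("10.0.0.0/8",)),
    TrafficPolicy("employee", "none", ("mail.example.com:443",)),
    TrafficPolicy("contractor", "high", ("wiki.example.com:443",)),
]
# Assumption: levels are tried in listed order; each needs all named software.
LEVELS = [("high", {"firewall", "antivirus"}), ("low", {"antivirus"})]

def find_policy(policies, role, level):
    """Return the traffic policy for this role and security level, if any."""
    return next((p for p in policies
                 if p.role == role and p.security_level == level), None)

def client_level(levels, running):
    """Step 2: first level whose required software is all running."""
    return next((name for name, req in levels if req <= running), None)

def decide(policies, levels, role, integrity_ok, running):
    """Return (outcome, resources) for one connection attempt."""
    if not integrity_ok:
        fallback = find_policy(policies, role, "none")     # step 1a
        if fallback:
            return "minimal-access", fallback.resources
        return "connection-fails", ()                      # step 1b
    level = client_level(levels, running)
    policy = find_policy(policies, role, level) if level else None
    if policy:
        return "tunnel", policy.resources                  # step 3
    # Assumption: the guide does not describe this case; modelled as refusal.
    return "connection-fails", ()

def roles_admitting_failed_clients(policies):
    """Audit: roles where a failed integrity check still yields a connection."""
    return sorted({p.role for p in policies if p.security_level == "none"})
```

Running `roles_admitting_failed_clients` over an exported policy list shows which roles depend on the "none"-level policy being tightly scoped, since its resources are what a non-compliant client can reach.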
