Novell ACCESS MANAGER 3.1 SP2 - SSL VPN SERVER GUIDE 2010 Manual page 13

End-Point Security Checks
The Novell SSL VPN has a set of policies that can be configured to protect your network and
applications from clients that are using insufficient security restraints and also to restrict the traffic
based on the role of the client.
You can configure a client integrity check policy to run a check on the client workstations before
establishing a tunnel to SSL VPN server. This check ensures that the users have specified software
installed and running in their systems. Each client is associated with a security level, depending on
the assessment of the client integrity check and the relevant traffic policies that are assigned. For
more information on configuring end-point security, see Chapter 3, "Configuring End-Point
Security and Access Policies for SSL VPN," on page 37.
Ability to Order Rules
If you have configured more than one rule for a user's role, the rule that is placed first is applied
first. Novell SSL VPN allows you to change the order of rules by dragging and dropping them,
based on their priority. For more information on rule ordering in SSL VPN, see "Ordering Traffic
Policies" on page 49.
Ability to Import and Export Policies
Novell SSL VPN allows you to export the existing configuration into an XML file through the
Administration Console. You can reimport this configuration later. This is a very useful feature
when you upgrade your servers from one version to another. For more information, see "Exporting
and Importing Traffic Policies" on page 50
Desktop Cleanup Feature
When a user accesses the protected resource from outside by using SSL VPN, it also means that the
sites that the user visited are stored in the browser history, or some sensitive information is stored in
the cache or cookies. This is a potential security threat if it is not properly dealt with. The Novell
SSL VPN client comes with the desktop cleanup feature, so the user has the option to delete all the
browser history, cache, cookies, and files from the system, before logging out of the SSL VPN
connection.
If the user uses Firefox to connect to SSL VPN, the browsing data that was stored after the SSL
VPN connection was made is deleted. In Internet Explorer, all the browser data is deleted, including
the data that was stored before the SSL VPN session was established.
Sandbox Feature
When you connect to SSL VPN in either Kiosk mode or Enterprise mode, a folder named VPN-
SANDBOX is created on your desktops You can manually copy files to this folder, including files
that you create or files that you download from your corporate network. This folder is automatically
deleted along with its contents when you logs out of the SSL VPN connection. This is a very useful
feature if you are browsing from an Internet connection and you do not want any sensitive
information to reach other persons. For more information on the sandbox feature of SSL VPN, see
"Using the Sandbox Feature" in the Novell Access Manager 3.1 SP2 SSL VPN User Guide.
Overview of SSL VPN 13