Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 - ADMINISTRATION Administration Manual page 96

Figure 6-15
To use the VPN Enforcement rule, at least two locations must exist.
To add VPN enforcement to a new or existing security policy:
1 Select Enable to activate the screen and the rule.
2 Specify the IP addresses for the VPN Server in the provided field. If multiple addresses are
specified, separate each with a semi-colon (for example: 10.64.123.5;66.744.82.36).
3 Select the Switch To Location from the drop-down list. The Endpoint Security Client switches
to this location after the VPN authenticates.
The Switch To location is the location the Endpoint Security Client switches to when the VPN
is activated. It is recommended that this location contain some restrictions, and only a single
restrictive firewall setting as its default.
The All-Closed firewall setting, which closes all TCP/UDP ports, is recommend for strict VPN
enforcement. This setting prevents any unauthorized networking, while the VPN IP address
acts as an ACL to the VPN server, and permits network connectivity.
4 Select the Trigger locations where the VPN enforcement rule is applied. For strict VPN
enforcement, it is recommended the default Unknown location be used for this policy. After the
network has authenticated, the VPN rule activates and switches to the assigned Switch To
Location.
NOTE: The location switch occurs before the VPN connection, after the network has
authenticated.
5 Enter a Custom User Message to display when the VPN has authenticated to the network. For
non-client VPNs, this should be suffiClient.
96 ZENworks Endpoint Security Management Administration Guide
Basic VPN Enforcement