User manual

Chapter 23 Authentication Policy
ZyWALL USG 300 User’s Guide
442
23.1.2 What You Need to Know
Authentication Policy and VPN
Authentication policies are applied based on a traffic flow’s source and destination
IP addresses. If VPN traffic matches an authentication policy’s source and
destination IP addresses, the user must pass authentication.
Multiple Endpoint Security Objects
You can set an authentication policy to use multiple endpoint security objects. This
allows checking of computers with different OSs or security settings. When a client
attempts to log in, the ZyWALL checks the client’s computer against the endpoint
security objects one-by-one. The client’s computer must match one of the
authentication policy’s endpoint security objects in order to gain access.
Forced User Authentication
Instead of making users for which user-aware policies have been configured go to
the ZyWALL Login screen manually, you can configure the ZyWALL to display the
Login screen automatically whenever it routes HTTP traffic for anyone who has
not logged in yet.
Note: This works with HTTP traffic only. The ZyWALL does display the Login screen
when users attempt to send other kinds of traffic.
The ZyWALL does not automatically route the request that prompted the login,
however, so users have to make this request again.
Finding Out More
See Section 7.9 on page 155 for an example of how to use endpoint security and
authentication policies.
23.2 Authentication Policy Screen
The Authentication Policy screen displays the authentication policies you have
configured on the ZyWALL.