Now you can create policies to determine what remote users are allowed to access. Each policy can contain selected users and groups, have a range of objects assigned to it and be scheduled to be active at certain times of each day. You can also decide whether to allow full network access and provide different VPN networks that determine the private addresses they receive. Usefully, any changes to network objects will be automatically propagated to the policies that use them.
ZyXEL’s end-point security enables you to check the client system for operating systems, service packs and so on. After successful authentication the appliance downloads ActiveX controls and Java apps that scan the system looking for required components. You can check for specific versions of IE, NetScape, Mozilla and FireFox and look for anti-virus products although this is currently limited to Symantec and McAfee. However, you can also insist that their auto-protect function is switched on and check for the existence of Windows patches, registry entries and processes.
When a user points their browser at the appliance’s WAN port they are redirected to a log-in portal and after authentication receive a page showing what applications and file sharing features they can access. The portal asks if you’re on a trusted or untrusted machine during logon but can’t validate this. If you select the trusted option then your browser cache won’t be cleaned when the session ends.
”’The web management interface provides easy access to a wealth of security features.”’
Web applications can be fired up directly from the portal whilst non-web apps must be loaded and pointed at the localhost address and port specified in the portal entry. We tested the latter successfully using an FTP client tool on a remote system which was redirected through to our server on the LAN. Using the full tunnel mode we were able to access LAN resources from our remote client and connect over RDP to a Windows server. File sharing was also easy to configure and we were able to remotely browse files and directories on our local servers from the portal.
Although not available in the UK until July, the SSL 10 will support ZyXEL’s OTP (one-time password) system. The kits comprise USB tokens which receive a set of OTPs from the server software component. The user presses a button on the token, which displays the next password. This is entered in the login portal and the SSL 10 links up with the OTP server to verify the password.
The SSL 10 is delivering a lot of features for the price and the combination of policies, end-point security and network objects makes it extremely versatile. It’s a close call with Billion’s BiGuard S10, although we found the latter is easier to configure and is a better bet if you also want basic URL filtering plus QoS features.