Zyxel ZyWALL USG 20 [177/185] Q03 in zld v2 0 do i still need to create policy routes for

ZyWALL USG Support Notes

177

In ZLD v2.20, after you configure an NAT 1:1 mapping rule, the system will

automatically create a routing and NAT rule for the NAT 1:1 mapping of outgoing

traffic. The system automatically created 1:1 routing and NAT rule for outgoing traffic

has a lower priority than policy routes. So be careful when you create policy routes

not to override the 1:1 rules.

Q03. In ZLD v2.20, do I still need to create policy routes for

IPSec VPN traffic?

No. In ZLD v2.20, after you set the IPSec VPN rule, system will automatically create

corresponding routes for the IPSec VPN traffic according to their phase2 local/remote

policy.

Q04. What is EPS?

EPS is short for Endpoint Security.

Endpoint refers to PCs, laptops, handhelds, etc. Endpoint Security is a security

concept that assumes each endpoint is responsible for its own security. Network

administrator can set restrict policies to allow only the endpoints that comply with its

defined security requirements to access network resources. The endpoint security

requirement items may contain current anti-virus state, personal firewall, and

operating system patch level, etc.

For example, a local endpoint doesn‟t have any anti-virus software installed. If it surfs

internet, there‟s a high risk that it may be infected with viruses. Then the viruses may

be propagated among the entire local network.

Another example is in SSL VPN case. If the SSL VPN client doesn‟t have anti-virus

software installed, when it accesses the HQ local resources through SSL VPN tunnel,

it may propagate the virus to HQ local subnet.

To prevent such undesired situation, the network administrator can use EPS checking

to restrict endpoints‟ network access privileges. Only the compliant endpoint can get

authority to access certain network resources.

Q05. Where can I deploy the EPS function?

We can deploy EPS in User Aware and SSL VPN applications.