In previous versions of the VPN, access controls were based only on application groups: an application group was granted to user groups. zGateway's new, improved access control management interface allows creating access controls with additional access control methods.
The newly added access control methods are:
a) Device ID fingerprinting based access control for user groups/users – Device ID access controls restrict access to the VPN gateway for user groups, based on matching criteria against the device fingerprint of the end-user machine.
b) Endpoint connectivity based access controls for user groups/users – With this policy, the administrator can control Internet access and close all active connections when users are connected to the VPN gateway.
DEVICE ID BASED FINGERPRINTING
The Device ID based fingerprinting feature added in this release captures the necessary details from the client machine running the zGateway client software. The Device ID is a unique set of numbers and letters generated and allotted by hardware manufacturers to identify their device. The administrator can create access controls for user groups based on Device ID fingerprinting.
Parameters covered under device fingerprint:
OS type – Client Operating System details
Motherboard ID – ID of the motherboard
CPU ID – ID of CPU
MAC ID – MAC Address of LAN card
Hard disk ID – ID of Hard disk
IMEI number – IMEI number of the device (for Android and iOS based devices)
Received WAN IP Address – WAN IP address sent by the client and received on the server. This can differ from the original IP address if the client browser is configured to use a proxy. This option can be disabled using a preference on the server side.
Detected WAN IP address – WAN IP address detected by the server, where WAN packets terminate at the firewall or router. This is the WAN IP address the SSL VPN client is receiving from the SSL connection.
Device Type – Will show the device type
Browser Type – Will display browser name
Browser ID – Will display browser ID
Region – Client machine regional Settings
Time zone – Time zone of end user machine
Locale – Language set on the client machine.
Default gateway – Default gateway address of Client machine.
Network Card Manufacturer – Name of the network card (NIC) manufacturer.
Device ID Based Access Controls
Administrators can create Device ID based access controls from zGateway Management Console > Access Management > Access controls > Create access controls > Select access control type as Device ID.
When a user logs in to the zGateway server for the first time, the zGateway client scans the device fingerprint and sends it to the server. The administrator can select a single Device ID parameter or multiple parameters when creating an access control. The administrator can also specify the number of device ID signatures allowed per user. For instance, if the administrator selects 3 device ID signatures, a user can log in to the zGateway server from a maximum of three different end-user machines/devices.
Automatically approve devices:
The administrator can approve device access either manually or automatically. All scanned Device ID details are stored in the database, and administrators can allow or deny access. Captured Device ID details can be found under
Management console > End point Management > Device Management.
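The sketch below is an added example, not zGateway code: it models how the selected Device ID parameters, the per-user signature limit and the automatic/manual approval setting described above interact. All field, class and function names are hypothetical, and the sample fingerprints are constructed.

```python
import hashlib

# Constructed sample fingerprints; field names are hypothetical.
LAPTOP = {"os_type": "Windows 10", "motherboard_id": "MB-0001",
          "cpu_id": "CPU-AAAA", "hard_disk_id": "HD-1111", "mac_id": "00:11:22:33:44:55"}
TABLET = {"os_type": "Android", "motherboard_id": "MB-0002",
          "cpu_id": "CPU-BBBB", "hard_disk_id": "HD-2222", "mac_id": "00:11:22:33:44:66"}


def signature(fingerprint, selected):
    """Hash only the administrator-selected parameters, in a fixed order."""
    missing = [name for name in selected if not fingerprint.get(name)]
    if missing:
        raise ValueError(f"fingerprint is missing {missing}")
    material = "\x1f".join(f"{n}={fingerprint[n].strip().lower()}" for n in sorted(selected))
    return hashlib.sha256(material.encode()).hexdigest()


class DeviceAccessControl:
    def __init__(self, selected, max_devices, auto_approve):
        self.selected = selected          # Device ID parameters chosen for the policy
        self.max_devices = max_devices    # device ID signatures allowed per user
        self.auto_approve = auto_approve  # "Automatically approve devices"
        self.devices = {}  # user -> {signature: "approved" | "pending" | "denied"}

    def login(self, user, fingerprint):
        """Return "allow", "pending" or "deny" for this login attempt."""
        sig = signature(fingerprint, self.selected)
        known = self.devices.setdefault(user, {})
        if sig not in known:
            # Assumption: denied devices do not count against the per-user limit.
            in_use = sum(1 for state in known.values() if state != "denied")
            if in_use >= self.max_devices:
                return "deny"
            known[sig] = "approved" if self.auto_approve else "pending"
        return {"approved": "allow", "pending": "pending", "denied": "deny"}[known[sig]]

    def review(self, user, fingerprint, allow):
        """Administrator decision on a captured device (manual approval)."""
        sig = signature(fingerprint, self.selected)
        self.devices[user][sig] = "approved" if allow else "denied"
```

Which parameters are selected decides what counts as the same device: with only the MAC ID selected, a changed MAC address registers as a new device, while a policy built on motherboard, CPU and hard disk IDs is unaffected by it.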
ENDPOINT PROTECTION BASED ACCESS CONTROLS
With endpoint protection based access controls, the administrator has more control over client network traffic through the zGateway client. The administrator can disable Internet access, deny zGateway access if a proxy is enabled, or disconnect all active connections when the client is connected to the zGateway server.
To create an Endpoint Protection based access control, go to zGateway management console > Access control management and create an access control of type Endpoint Protection.
Close all Existing connections and Keep VPN Session Safe
In access control management, create an access control of type Endpoint Protection. If "close existing connections" is enabled, external connections that were established before login are disconnected when the user logs in. If "continue to block all external connections other than VPN" is also turned on, no external connections are allowed. The zGateway VPN client will keep checking for applications that are connected to external servers and will kill those applications.
Disable Internet for end users
In access control management, create an access control with the Endpoint Protection policy type. If Block Internet is enabled for the user, Internet access will be disabled for the user after login.
Do not allow login through internet proxies
If a proxy is enabled in the client machine’s browser, the end user will not be allowed to log in to the zGateway VPN Gateway.