Chapter 2
Getting Started
In This Chapter
Defining a Site
Basic Operations
Connect Window
Client Icon
Understanding the Firewall
Compliance
Defining a Site
You need at least one site to connect to a VPN. If your system administrator pre-configured the client package, you can connect to the VPN site immediately. If not, you must define the site.
Before you begin, make sure you know how you will authenticate to the VPN and that you have the credentials (password, certificate file, or whatever the system administrator says you need). Also, you may need the gateway fingerprint, to verify that the client is connecting to the correct gateway. You should get this from your system administrator.
To define a site:
1. Right-click the client icon and select VPN Options.
The Options window opens.
The first time you open the window, no sites are listed.
2. On the Sites tab, click New.
The Site Wizard opens.
3. Click Next.
4. Enter the name or IP address of the Security Gateway and click Next.
It may take a few minutes for the Client to identify the site name.
After resolving the site, a security warning may open:
The site's security certificate is not trusted!
While verifying the site's certificate, the following possible security risks were discovered:
Ask your system administrator for the fingerprint of the server. If the server fingerprint matches the fingerprint in the warning message, you can click Trust and Continue. Otherwise, consult with your system administrator.
The Authentication Method window opens.
5. Select an authentication method according to your system administrator's instructions.
6. Click Next and follow the instructions to enter your authentication materials. If you selected Secure Authentication API (SAA), an SAA window opens to select the type of SAA and a DLL file to use. See Secure Authentication API (SAA) (on page 16).
7. Click Finish.
The client offers to connect you to the newly created site.
8. Click Yes to connect to the site, or No to save the site details and connect later.
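The fingerprint comparison in step 4, shown as an added example that is not part of the original guide or the vendor's code. It assumes the administrator supplies the fingerprint as a hex SHA-1 or SHA-256 digest of the gateway certificate (the guide does not state the fingerprint format); the function names and sample bytes are constructed for illustration.

```python
import hashlib
import ssl

# Hex digest length -> hash algorithm (assumed fingerprint formats).
_ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
_HEX = set("0123456789abcdef")


def to_der(cert: bytes) -> bytes:
    """Accept a PEM or DER certificate and return the DER bytes."""
    if b"-----BEGIN CERTIFICATE-----" in cert:
        return ssl.PEM_cert_to_DER_cert(cert.decode("ascii").strip())
    return cert


def normalize(fingerprint: str) -> str:
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return "".join(ch for ch in fingerprint.lower() if ch not in ": -\t\r\n")


def fingerprint_matches(cert: bytes, expected: str) -> bool:
    """True only if the complete digest of the certificate equals `expected`."""
    want = normalize(expected)
    algo = _ALGO_BY_HEX_LEN.get(len(want))
    if algo is None or not set(want) <= _HEX:
        # Truncated, padded or non-hex values are rejected outright.
        # A partial fingerprint is never accepted as a prefix match.
        return False
    got = hashlib.new(algo, to_der(cert)).hexdigest()
    return got == want


# Constructed stand-in bytes, not a real gateway certificate.
SAMPLE_DER = b"constructed-sample-certificate-bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    digest = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
    # Fingerprint as an administrator might send it: upper case, colon separated.
    from_admin = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    print("full fingerprint matches:", fingerprint_matches(SAMPLE_PEM, from_admin))
    print("truncated value matches:", fingerprint_matches(SAMPLE_PEM, from_admin[:23]))
```

A value that fails this comparison is treated the same way the guide treats a mismatch in the warning dialog: do not trust the site, and consult the system administrator.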
Basic Operations
Right-click the Client icon in the system tray to access basic operations.
(Not all options appear for every client status and configuration.)
To quickly connect to the last active site, double-click the Client icon.
To access other basic operations, right-click the Client icon and select an option.
Option                    Function
Connect                   Opens the main connection window, with the last active site selected. If you authenticate with a certificate, the client immediately connects to the selected site.
Connect to                Opens the main connection window.
VPN Options               Opens the Options window to set a proxy server, choose interface language, enable Secure Domain Logon, collect logs, and select a DLL file for SAA Authentication.
Register to Hotspot       Lets you bypass the firewall to register to a hotspot. After you click this option, open a browser. It will open to the hotspot registration page.
Show Compliance Report    See if your computer is compliant with the Security Policy, and if not, why not and how to fix the issue.
Show Client               Open the Client overview.
Shutdown Client           Closes the Client and the VPN connection.
You can also access most of these options from the Client Overview.
Connect Window
In the Connect window, you provide authentication to connect to the VPN.
If you have a Certificate, browse to the certificate file and provide the password.
If you use SecurID, enter your PIN or passcode. If you get a key in response, copy it.
If you use Username and Password, enter your username and password.
If you use Challenge Response, provide the first key. When the challenge comes, provide the response.
If you use SAA, click Connect and a new window opens for authentication.
Client Icon
The Client icon in the system tray notification area shows the status of Remote Access Clients.
Icon Status
Disconnected
Connecting
Connected
Encryption (encrypted data is being sent or received on the VPN)
There is an issue that requires users to take action.
You can also hover your mouse on the icon to show the client status.
Understanding the Firewall
When Endpoint Security VPN is installed on your computer, it includes a firewall. The firewall examines all network traffic that comes to your computer and asks:
Where did the traffic come from and where is it addressed to?
Do the firewall rules allow traffic to that address?
Does the traffic violate global rules?
Based on the answers to these questions, traffic is allowed or blocked.
The administrator sets the policies and rules that control what traffic the firewall allows.
Disabling the Firewall
Your administrator can give you the option to disable the firewall on your computer. If you do have this option, when you right-click the Endpoint Security VPN icon in the system tray, one of the choices is Disable Security Policy.
If you select this, the firewall is disabled. Depending on the compliance settings, you might not be able to connect to the VPN if your firewall is disabled.
If the firewall is disabled, the option Enable Security Policy shows in the right-click menu of the Client icon.
Select this to enable the firewall.
Compliance
Your administrator can configure checks for your computer or device to make sure it is compliant before you connect to the VPN site. Some examples of what these checks can include are:
If your Operating System is supported.
If you are logged in correctly.
If you have an updated Anti-virus client.
Your computer must be compliant with all checks to access the VPN.
If your computer is not compliant, the Client icon looks like this:
If your computer is found to be non-compliant based on one check, you cannot access the VPN. The Client Overview window shows that you are not compliant, and a message opens. If your computer does not comply based on multiple factors, you can see multiple messages.
Follow the instructions in the message to make your computer compliant. If you have questions, contact your administrator.
You can see a compliance report that shows if your computer is compliant with the Security Policy, and if not, how to fix the issue. To get a compliance report, right-click the Client icon in the system tray and select Show Compliance Report.
The compliance check always works in the background, whether or not you are connected to the VPN. At any time it can report that your computer has failed a check and is not compliant.