Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

← UTM (Formerly ASG) Feature Requests

NAC/Endpoint-Control of remote access users

Normally you can only check username and password (in extension a certificate ) during remote access authentication. There is no ability for checking the environment of the user, f.e. what device is he using, AV running and up-to-date, Firewall on, not using special applications, etc. .
There must be a applet used during clientless SSL-VPN access for checking the user environment against important security functions and after checking the user has to match into a security zone. Depending on which zone the user lands, there are different rules working for access the internal site.

169 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Forgot password?
    Create a password
    I agree to the terms of service
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    Volker KullVolker Kull shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    nizaamnizaam shared a merged idea: End Point Security - NAC  ·   · 
    InfodataInfodata shared a merged idea: Centralized Antivirus Management/Enforcement  ·   · 

    9 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Forgot password?
      Create a password
      I agree to the terms of service
      Signed in as (Sign out)
      Close
      Close
      Submitting...
      • Jonathan SmithJonathan Smith commented  ·   ·  Flag as inappropriate

        Yes, a much needed feature. Brings ASG in line with other remote access products on the market!! I’m quite surprised that no compliance checking is done to gauge the current condition of a connecting endpoint. I think this becomes vital with the new Clientless SSL VPN functions being released.

      • William WarrenWilliam Warren commented  ·   ·  Flag as inappropriate

        hard to do with a security appliance of this nature. Windows server 2008 editions have this ability which is where this ability belongs. Unless you want the astaro to be the central authenticator this one really belongs on the authenticating server(aka AD or LDAP).

      • alhadialhadi commented  ·   ·  Flag as inappropriate

        yes in can be handy for our envirnment too and those can be vital in accessing files remotely or whatever it could be.

      • Mark B.Mark B. commented  ·   ·  Flag as inappropriate

        Yes. Indeed. When I get some of my votes back, I'm throwing a few here. Other products allow you to run a "host checker" whereas the connecting pc must meet certain criteria before access is allowed. Things to include might be a check of the
        OS, service pack level, up to date AV and even the check for the installation of a hidden file so that only corporate pc's can connect and home pc's can not.

      UTM (Formerly ASG) Feature Requests: UTM Endpoint Protection

      Feedback and Knowledge Base

      (thinking…)
      © 2012 by Astaro GmbH & Co. KG - a Sophos company