36.3 VPN Traffic

VPN traffic detection enables the device to detect when a VPN connection is established and active. VPN traffic detection serves two purposes:

  • If the policy includes a Pre-VPN location, VPN detection allows the device to initiate a switch from the Pre-VPN location to the VPN location after the VPN connection is established. If VPN detection is not enabled, you must configure the switch to occur after a specific period of time. For more information about the Pre-VPN location, see Understanding the VPN Enforcement Policy.

  • VPN detection allows the device to exit the VPN location after a period of VPN traffic inactivity. If VPN detection is not enabled, the VPN location is not exited until 1) the device changes location or 2) all network connections are dropped.

To use VPN traffic detection, select Enable VPN Traffic Detection, then fill in the following fields:

  • Adapters to monitor: Specify the adapter types and specific adapters to monitor:

    • Adapter Type: Select whether you want to monitor All adapter types, Wired adapters only, or Wireless adapters only.

    • Adapter Names: To monitor all adapters of the selected Adapter Type, leave the adapter list empty. To monitor specific adapters only, type an adapter name and then click Add to add it to the list. Adapter names are not case sensitive. In addition, partial matching is used. For example, Adapter1 not only matches Adapter1 but also matches adapter10 and acme adapter100. The more complete the name, the more limited the matches.

  • Network Traffic: Add the network addresses you want to use to determine if the device has an active VPN connection. The connection is active if the ZENworks Endpoint Security Agent receives a ping reply from any of the addresses or detects continuous packet streams from any of the addresses.

    Click New to display the Add Network Traffic Address dialog box, select the address type (IP address or DNS), then enter the address using one of the following formats:

    • xxx.xxx.xxx.xxx: Standard dotted-decimal notation for a single IP address. For example, 123.45.167.100.

    • xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx: Standard dotted-decimal notation for a range of IP addresses. For example, 123.45.167.100-123.45.167.125.

    • xxx.xxx.xxx.xxx/n: Standard CIDR (Classless Inter-Domain Routing) notation for IP addresses. For example, 123.45.167.100/24 matches all IP addresses that start with 123.45.167.

    • www.domain_name: Standard domain name notation. For example, www.novell.com.

    • www.domain_name/n: Standard CIDR (Classless Inter-Domain Routing) notation for a domain name. For example, www.novell.com/16.

    The addresses are tested in the order they are listed, from top to bottom. Use the Move Up and Move Down options to reorder the list.
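
To review a list before deploying it, the following added example (not ZENworks code) models the three IP address formats, the top-to-bottom test order, and the partial adapter-name matching described above. The function names and the (type, value) entry layout are assumptions made for illustration, partial matching is assumed to mean case-insensitive substring matching, and DNS entries are skipped so the script runs offline.

```python
import ipaddress

def parse_ip_entry(value):
    """Expand one 'IP address' entry into a list of IPv4 networks."""
    value = value.strip()
    if "-" in value:  # range: first-last
        first, last = (ipaddress.IPv4Address(p.strip()) for p in value.split("-", 1))
        if first > last:
            raise ValueError(f"range start is above range end: {value}")
        return list(ipaddress.summarize_address_range(first, last))
    if "/" in value:  # CIDR; host bits may be set, as in 123.45.167.100/24
        return [ipaddress.IPv4Network(value, strict=False)]
    return [ipaddress.IPv4Network(value + "/32")]  # single address

def coverage(value):
    """Number of addresses an entry covers; flags entries broader than intended."""
    return sum(net.num_addresses for net in parse_ip_entry(value))

def first_match(entries, source_ip):
    """Return (position, value) of the first listed entry covering source_ip.

    entries is a list of (address_type, value) in list order, top to bottom.
    Returns None when no IP entry covers the address.
    """
    ip = ipaddress.IPv4Address(source_ip)
    for pos, (addr_type, value) in enumerate(entries, start=1):
        if addr_type != "IP":
            continue  # DNS entries need name resolution; not modelled here
        if any(ip in net for net in parse_ip_entry(value)):
            return pos, value
    return None

def adapter_matches(pattern, adapter_name):
    """Assumed model of partial matching: case-insensitive substring."""
    return pattern.lower() in adapter_name.lower()

# Constructed sample list, built from the example values on this page.
SAMPLE_ENTRIES = [
    ("IP", "123.45.167.100"),
    ("IP", "123.45.167.100-123.45.167.125"),
    ("IP", "123.45.167.100/24"),
    ("DNS", "www.novell.com"),
]

if __name__ == "__main__":
    for addr_type, value in SAMPLE_ENTRIES:
        if addr_type == "IP":
            print(f"{value}: covers {coverage(value)} address(es)")
    for probe in ("123.45.167.120", "123.45.167.7", "123.45.168.1"):
        print(probe, "->", first_match(SAMPLE_ENTRIES, probe))
```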