Windows client workstation verification (ZTNA) tab

Windows client workstations are verified based on different criteria. Do note that if you select several criteria from those described below, the SSL VPN client has to meet all the defined criteria to be allowed to set up tunnels with the firewall.

Client workstation antivirus enabled and up to date

The workstation must be equipped with an active antivirus program with the latest antivirus database updates. This information is based on the status of the antivirus recognized by the Windows Security center. Third-party antiviruses are therefore supported as long as the Windows Security center recognizes their status.
Active firewall on the client workstation

The Windows firewall must be running on the workstation, and the domain network, private network and public network profiles must be enabled. If a profile is disabled, the criterion will be considered non-compliant.
SES installed on the client workstation

In infrastructures that have deployed SES Evolution, the SES agent must be installed on the workstation. 

Do note that the configuration and status of the SES agent are not taken into account.
Prohibit users holding administration privileges on the client workstation

Users who hold administrator privileges on the workstation cannot set up tunnels with the SNS firewall.

Check the Windows 10/Windows 11 version (build number)

Select the checkbox to enable the settings section of the required Windows 10 and Windows 11 versions. Two tabs are available, depending on the Windows version in question.

Allow a version range (builds)

When this option is selected, you have to enter the Lowest version that the workstation must run (by default 10000 for Windows 10 and 20000 for Windows 11).

You can enter the Highest version that the workstation must run, or leave this field empty to allow all versions equal to or higher than the lowest specified version.
Allow only one version
  • When this option is selected, you have to enter the exact Windows version of workstations that are allowed to set up tunnels.
    		•

    Membership in a company domain

    Ensure that the host is connected to a company domain

    When this option is selected, you have to add to the grid the domains of the workstations that are allowed to set up tunnels.

    Do note that this criterion is not related to the configuration of directories on the firewall.
    Ensure that the user belongs to a company domain

    When this option is selected, you have to add to the grid the domains of users who are allowed to set up tunnels. With this criterion, the user's full name, including the domain, will be verified. As such, even if the workstation is connected to a domain, local users on the workstation will not be able to set up tunnels.

    Do note that this criterion is not related to the configuration of directories on the firewall.