SMA1000: How to Check Equipment ID (Hardware ID) for EPC on Windows 11

Description

The SMA000 series End Point Control (EPC) feature can enforce device posture checks based on Hardware IDs (also called Equipment IDs or Device IDs).  When an EPC policy includes a Hardware ID check, only devices whose network adapter Hardware ID matches the allowed list can establish a VPN connection. This article explains how to find the Hardware ID on a Windows 11 device.

A hardware ID may be required when configuring  or troubleshooting an EPC policy in the AMC that restricts VPN access based on the client device's network adapter identity. If a user receives an EPC failure indicating their device does not meet the Equipment ID requirement, use these steps to retrieve the correct ID and add it to the AMC allow list.

Resolution

Method 1 (Device Manager)

  1. Right-click the Start button (or press Win + X) and select Device Manager.
  2. Expand the Network adapters section.
  3. Locate the primary network adapter used to connect to the Internet (for example, "Intel Wi-Fi 6E AX211" or "Realtek PCIe GbE Family Controller"). This is the physical adapter — do not select virtual or VPN adapters.
  4. Right-click the adapter and select Properties.
  5. Select the Details tab. In the Property dropdown, select Hardware Ids.
  6. The Value field displays one or more Hardware ID strings. Copy the top (most specific) entry. This is the value to enter in the SMA1000 AMC EPC configuration. A typical ID looks like: PCI\VEN_8086&DEV_54F0&SUBSYS_00708086&REV_01

Method 2 (PowerShell)

  1. Open Windows Terminal or PowerShell as Administrator.
  2. Run the following command:
    1. Get-PnpDevice -Class Net | Where-Object { $_.Status -eq "OK" } | Get-PnpDeviceProperty -KeyName DEVPKEY_Device_HardwareIds | Select-Object InstanceId, Data
  3. The output lists all active network adapters and their Hardware IDs. Identify the primary adapter and copy its Hardware ID value.

Method 3 (Command Prompt)

  1. Open Command Prompt as Administrator.
  2. Run the following command:
    1. wmic path Win32_PnPEntity where "PNPClass='Net'" get Name,DeviceID
  3. The DeviceID column contains the Hardware ID. Locate the primary network adapter row and copy the DeviceID value.

Important: The wmic command is deprecated in Windows 11 but still functional. The PowerShell method (Method 2) is preferred for long-term compatibility.

Configuring the Hardware ID in SMA1000 AMC

Once you have the Hardware ID, configure it in the SMA1000 AMC as follows:

  1. Log in to the SMA1000 AMC.
  2. Navigate to User Access > End Point Control.
  3. Create or edit an EPC profile. Under the Attributes section, add a new Equipment ID entry.
  4. Copy/paste the Hardware ID string copied from the client device.
  5. Assign the EPC profile to the appropriate Realm or Community.
  6. Test the connection from the client device to confirm the EPC check passes.

Important: If the user has multiple network adapters (for example, both Wi-Fi and Ethernet), the EPC check evaluates the adapter actively used for the Internet connection at the time of VPN establishment. If the user switches adapters, the Hardware ID may change. Consider adding multiple Hardware IDs to the allow list if users connect from different adapters.

Related Articles

  • How to Provision SMA1000 in Monthly Billing (MSSP Program)
    Read More
  • SMA 1000 Series Support Matrix
    Read More
  • How to Configure SAML 2.0 SSO with Microsoft Entra ID for SonicWall SMA 1000 Series
    Read More

Categories

Secure Mobile Access
SMA 1000 Series
Secure Mobile Access
Mobile Connect
Windows 8.1 or Later
not finding your answers?
Ask the Community
Chat