Enterprise Secure Mobile Access - ChromeOS Support
03/26/2020 
5 
10810
DESCRIPTION:
From SRA 11.4 onwards, web connections from ChromeOS to SMA are allowed secure access from a browser. In addition, WorkPlace Lite access is supported from ChromeOS.
Devices running ChromeOS can use services on the SMA appliance (Tunnel, End Point Control, etc.) as just another platform like Windows or Mac OSX.
Note:
- Limited support for SMA features when using Mobile Connect on Chrome.
This KB article describes how to configure ChromeOS Device Zone profiles in the AMC.
RESOLUTION:
Configuration
AMC Device Profiles for ChromeOS
Create new Device Zone profiles for Chrome OS by browsing to End Point Control → Edit under Profiles → New Device Profile → ChromeOS
The profile can be referenced in existing Device Zones and Access Control Rules
The ChromeOS Device Profiles allow you to configure the following attributes:
AMC Access Control Rule for ChromeOS
You can also match policy for ChromeOS as a Platform on Access Control Rules (does not require End Point Control). Browse to Access Control Rules Your Access Control Rule Advanced.
AMC User Session
For 11.4.0 and newer versions, AMC User Sessions will display the platform as ChromeOS, and you can write EPC and ACL policy against the platform of "ChromeOS".
For versions prior to 11.4.0, AMC User Sessions for Mobile Connect on ChromeOS will show "Unknown" or "Linux" as the platform information (web only access will not work). We only support basic Tunnel access with no EPC connecting to SMA versions prior to 11.4.0.
Connect using Mobile Connect from ChromeOS
- Install SonicWall Mobile Connect from the Chrome Web Store.
- Once installed, launch Mobile Connect by clicking on the wireless signal strength indicator in the system tray, and selecting VPN disconnected.
- Select SonicWall Mobile Connect from the top of the list to add a new connection
To start a connection, click on VPN disconnected again, and then click the name of your connection you created previously.
What value is used for equipment id on Mobile connect for Chrome OS?
The EquipmentID on ChromeOS device is uniquely generated by Mobile Connect using the link local IPv6 address (which is derived from Mac address).
Does the tunnel resume when there is a network change?
No. Chrome OS disconnects the tunnel whenever there's a network change.
Can a new session be started from within the app?
No. Chrome OS doesn't allow the app to start a new session. Session must be started from the system-tray.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
