EX SSL-VPN: EPC configuration for Mobile Connect based VPN Connections from Android Devices
03/26/2020
DESCRIPTION:
Mobile Connect VPN connections can be checked and provisioned in a separate EPC zone. This article explains the different EPC definition checks that can be performed on Android devices connecting with the Mobile Connect client. We recommend a separate EPC zone and profile for Mobile Connect connections, as the definition settings differ from those used for other client machines' connections and checks. On firmware 10.5.4 and 10.6.0, we can use the Linux-based profiles to check Android devices. Even though we are using Linux-based EPC definitions, we need to create a separate profile for Mobile Connect users.
In the upcoming 10.5.5 and 10.6.1 firmware releases, we will have new EPC platforms specifically for iOS and Android devices. Customers can configure the EPC profiles based on these new platforms instead of using Mac OS X or even Linux-based EPC definitions.
a. EPC Check for DeviceID
The serial number of the Android device is used as the DeviceID and can be found under Settings - About Phone - Status. Customers can also obtain the serial number from the unregistered device log entries for Android phones.
Once we have identified the DeviceIDs, we can configure the EPC profile to allow connections for known devices.
With this setup, when the Android device connects, the user is prompted to select the client certificate for the connection check (after completing authentication). The Mobile Connect app then completes the connection, and we can confirm the session information on the AMC - User sessions page.
c. EPC Check for Jailbroken Applications or Files
Android devices can be checked for rooted status using the following EPC profiles, which identify rooted apps or their files on the device. Customers can configure the Linux-based EPC profiles as shown below to check for these details:
Please note that a list of rooted applications or their filenames is not available from SonicWall, so customers have to identify this information from their users and environment.