EX SSL-VPN: EPC configuration for Mobile connect based VPN Connections from Android Devices
03/26/2020 
7 
9901
DESCRIPTION:
EX SSL-VPN: EPC configuration for Mobile connect based VPN Connections from Android Devices
RESOLUTION:
Feature/Application:
Mobile connect VPN connections can be checked and provisioned in a separate EPC zones. This article will explain the different EPC definition checks that can be performed with the Android devices when connecting with the Mobile connect client. We recommend a separate EPC zone and Profile for Mobile connect connections as the definition settings would be different from other client machines connections and checks. On Firmware 10.5.4 and 10.6.0, we can use the Linux based profiles to check theAndroid devices. Even though we are using Linux based EPC definitions, we need to create separate profile for Mobile connect users.
In the upcoming 10.5.5 and 10.6.1 firmware releases, we will have new EPC platforms specifically for iOS and Android devices. Customers can configure the EPC profiles based on these new platforms instead of using MAC OS X or even Linux based EPC definitions.
a. EPC Check for DeviceID
The Serial number of the Android device is used as the DeviceID and can be found in the Settings - About Phone - Status. Customer can also obtain the Serial number from the unregistered device log entries for Android phones:-
Once we have identified the deviceid's, then we can configure the EPC profile to allow connections for known devices:-
b. EPC Check for Client Certificate
EPC check for client certificates can be performed on Android devices. To install the client certificates on a android device , please refer the following link:- http://support.google.com/mobile/bin/answer.py?hl=en&answer=168466
On the Aventail appliance, the Linux based EPC profile is configured as follows:-
With this setup, when the android device connects the user is prompted to select the Client certificate for the connection check (after completing the authentication part). Then the Mobile connect app completes the connection and we can confirm the session information in the AMC - User sessions page
c. EPC Check for Jailbroken Applications or Files
Android devices can be cheked for its Rooted status using the following EPC profiles that identifies any rooted app's or even its files within the device. Customers can configure the Linux based EPC profiles as shown below to check for these details:-
Please note that List of rooted application or even its filename is not available with SonicWall. So customers have to identify these informations from their users and environment.
See Also:
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
