- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
EX SSL-VPN: EPC configuration for Mobile connect based VPN Connections from Android Devices
03/26/2020 
8 People found this article helpful
43,685 Views
Description
EX SSL-VPN: EPC configuration for Mobile connect based VPN Connections from Android Devices
Resolution
Feature/Application:
Mobile connect VPN connections can be checked and provisioned in a separate EPC zones. This article will explain the different EPC definition checks that can be performed with the Android devices when connecting with the Mobile connect client. We recommend a separate EPC zone and Profile for Mobile connect connections as the definition settings would be different from other client machines connections and checks. On Firmware 10.5.4 and 10.6.0, we can use the Linux based profiles to check theAndroid devices. Even though we are using Linux based EPC definitions, we need to create separate profile for Mobile connect users.
In the upcoming 10.5.5 and 10.6.1 firmware releases, we will have new EPC platforms specifically for iOS and Android devices. Customers can configure the EPC profiles based on these new platforms instead of using MAC OS X or even Linux based EPC definitions.
a. EPC Check for DeviceID
The Serial number of the Android device is used as the DeviceID and can be found in the Settings - About Phone - Status. Customer can also obtain the Serial number from the unregistered device log entries for Android phones:-
Once we have identified the deviceid's, then we can configure the EPC profile to allow connections for known devices:-
b. EPC Check for Client Certificate
EPC check for client certificates can be performed on Android devices. To install the client certificates on a android device , please refer the following link:- http://support.google.com/mobile/bin/answer.py?hl=en&answer=168466
On the Aventail appliance, the Linux based EPC profile is configured as follows:-
With this setup, when the android device connects the user is prompted to select the Client certificate for the connection check (after completing the authentication part). Then the Mobile connect app completes the connection and we can confirm the session information in the AMC - User sessions page
c. EPC Check for Jailbroken Applications or Files
Android devices can be cheked for its Rooted status using the following EPC profiles that identifies any rooted app's or even its files within the device. Customers can configure the Linux based EPC profiles as shown below to check for these details:-
Please note that List of rooted application or even its filename is not available with SonicWall. So customers have to identify these informations from their users and environment.
See Also:
Related Articles
- How to secure Virtual Office portal from all external access
- NetExtender users fail to get connected throwing an Error Failed to get vpn protocol on firmware 10.2.1.2 or above due to misconfigured protocol
- Is SRA/SMA appliance vulnerable to CVE-2016-2183 and CVE-2016-5915?
YES
NO