Failed End Point Control Check

End Point Control can prevent the connection when the server is an SMA 1000 Series or SMA 100 Series. During the connection process, the connection status displays EPC checking... while the End Point Security policy checks are performed. If the device is not compliant because a security check failed, an error message is then displayed.

EPC checking

You can view the Mobile Connect log for more detailed information about which check failed. For example, you might see the following if an EPC policy was set up to restrict access to only a single device ID (EQUIPMENT ID).

2014-07-10 13:08:23:974 DEBUG Thread-142 - SmaEpcManager - Allow Profile:

{AndroidEPCExamplePolicy:[Literal=EQUIPMENTID,1,1234567890]}

2014-07-10 13:08:23:976 DEBUG Thread-142 - SmaEpcManager - Deny Profile: {}

2014-07-10 13:08:23:977 DEBUG Thread-142 - SmaEpcManager - Recurring Mode: 1

2014-07-10 13:08:23:978 DEBUG Thread-142 - SmaEpcManager - Recurring Period: 1

2014-07-10 13:08:24:200 DEBUG Thread-142 - SmaEvaluator - Evaluate literal:

Literal=EQUIPMENTID,1,1234567890

2014-07-10 13:08:24:200 DEBUG Thread-142 - SmaEvaluator - DeviceID<abcda50e-

e13b-1234-b89d-b3da7384a2f5>, expect<1234567890>

2014-07-10 13:08:24:201 INFO Thread-142 - SmaEpcManager - Failed allow profile:

Literal=EQUIPMENTID,1,1234567890

When the server is either an SMA 1000 Series or an SMA 100 Series, policies can be created to check different attributes of the Android device, including:

• Rooted or Not Rooted
• Client certificate installed
• Android OS version
• Device ID / Equipment ID
• Anti-Virus App
• Personal Firewall App
• Application
• Directory name
• File name

See the SonicWall SMA Administration Guide for the server for complete information about End Point Control policy options.