How the Appliance Uses Zones and Device Profiles for End Point Control
End Point Control is managed and deployed at the community level on the appliance. An authentication realm—
the entry point to the appliance for users—references one or more communities, which are collections of users
or groups with similar access needs. A community in turn references one or more EPC zones. EPC zones can
reference one or more device profiles, which define the attributes that must be present on a client computer.
The EPC process works this way:
[Figure: End Point Control for zone IT-Managed]
A user connects to the appliance:
The user logs in to an authentication realm.
The appliance assigns the user to a community that belongs to that realm.
The appliance interrogates the user’s computer to determine if it has attributes (contained in a device profile) that match those defined in one of the community’s EPC zones.
If the device matches a profile, the appliance classifies the computer into a particular EPC zone and deploys the EPC tools configured for that zone.
If the user is connecting with a personal device, they may optionally be prompted to authorize the VPN connection.
In this case, the user’s device profile matches an End Point Control zone named IT-Managed. For a more
detailed description of this process, see Scenario 1: Employees Connecting from IT-Managed Laptops.
End Point Control has some specific Web browser requirements (for example, Safari is recommended over Mozilla Firefox on Apple Macintosh systems); see Client Components for detailed requirements.
During client interrogation, the device profile attributes that the appliance checks for, and whether they were found, are recorded in the system message log, provided the log level is set to verbose. See End Point Control Interrogation for more information.
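A small model of the realm, community, zone and device-profile lookup described above, including a per-attribute record of what was checked and found. It is an added illustration, not the appliance's code or configuration format. Assumed for the example: zones are tried in listed order, a profile matches only when every attribute is present, and the attribute strings, the "Public" zone and the `classify` helper are constructed.

```python
from dataclasses import dataclass


@dataclass
class DeviceProfile:
    name: str
    required: frozenset  # attributes that must be present on the client


@dataclass
class Zone:
    name: str
    profiles: list  # a zone can reference one or more device profiles


@dataclass
class Community:
    name: str
    zones: list  # assumption: evaluated in listed order


@dataclass
class Realm:
    name: str
    communities: dict  # assumption: keyed by the user's group name


def classify(realm, group, client_attrs):
    """Return (zone name or None, [(zone, profile, attribute, found), ...])."""
    community = realm.communities[group]
    checks = []
    for zone in community.zones:
        for profile in zone.profiles:
            results = [(a, a in client_attrs) for a in sorted(profile.required)]
            checks += [(zone.name, profile.name, a, ok) for a, ok in results]
            if all(ok for _, ok in results):
                return zone.name, checks
    return None, checks  # what happens on no match is not described on the page


# Constructed sample data; names and attribute strings are illustrative only.
MANAGED = DeviceProfile("corp-laptop", frozenset({"antivirus:running", "domain:joined"}))
KIOSK = DeviceProfile("kiosk", frozenset({"browser:locked-down"}))
REALM = Realm("employees", {
    "staff": Community("staff", [Zone("IT-Managed", [MANAGED]), Zone("Public", [KIOSK])]),
})

if __name__ == "__main__":
    zone, checks = classify(REALM, "staff", {"antivirus:running", "domain:joined"})
    print("zone:", zone)
    for record in checks:
        print(record)
```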