Secure Mobile Access 12.4 Administration Guide

Managing EPC with Zones and Device Profiles

Device profiles can include any combination of the following attributes to identify a client and assign it to a “zone of trust,” quarantine it, or deny it access altogether:

  • Application

  • Client certificate

  • Directory name

  • Equipment ID (the identifier for a device; for example, the IMEI number of a mobile device)

  • File name, size, or timestamp

  • Windows domain

  • Windows registry entry

  • Windows version

  • Microsoft Intune

If you have Advanced EPC, you have additional attributes for identifying security programs on client devices:

  • Antimalware program

  • Personal firewall program

You can also define fallback detection for these types of security programs using the EPC library. See Advanced EPC: Using Fallback Detection for configuration instructions.

An EPC zone can reference one or more device profiles. Multiple device profiles are useful if there are users with similar VPN access needs who use different computer platforms. For example, you could configure an EPC zone that references a device profile for Windows computers, and another zone for Macintosh computers. AMC supports device profiles for Windows, Macintosh, Linux, and mobile devices (such as PDAs and smartphones). You can create multiple zones and device profiles as needed to accommodate different access scenarios and levels of trust, such as separate zones for employees, business partners, or contractors.

AMC includes a predefined zone and some device profiles:

  • You can customize the Default zone to some extent, but you cannot delete it. A device that cannot be classified into any of the zones you have configured is placed in either the Default zone or a Quarantine zone. (When you configure a community, you choose which of these will be the fallback zone; see Using End Point Control Restrictions in a Community for how to do this.) See Configuring the Default Zone for more information.

  • To help you get started with Advanced EPC, the appliance includes some preconfigured device profiles designed for common access scenarios. You can use these as is, or customize them to meet your needs; see Advanced EPC: Using Preconfigured Device Profiles for more information.

Communities are used to specify which zones are available to users after they authenticate. For information on linking zones to communities, see Using End Point Control Restrictions in a Community. In addition, you can tie zones to your access policy in much the same way as users, groups, and resources.
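The following added example (not part of the product or its documentation) models the classification described above so a planned zone layout can be reasoned about before it is built in AMC. The class names, attribute keys, zone kinds, and matching rules (all attributes in a profile must match, any profile in a zone suffices, deny zones are checked first) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class DeviceProfile:
    name: str
    platform: str
    attributes: dict = field(default_factory=dict)

    def matches(self, device):
        # Assumption: every attribute listed in the profile must match.
        return (device.get("platform") == self.platform and
                all(device.get(k) == v for k, v in self.attributes.items()))

@dataclass
class Zone:
    name: str
    kind: str          # "deny" or "standard" (hypothetical labels)
    profiles: list

    def matches(self, device):
        # Assumption: a device belongs to the zone if any referenced profile matches.
        return any(p.matches(device) for p in self.profiles)

def classify(device, zones, fallback_zone):
    """Return (zone name, outcome). Assumption: deny zones are checked first,
    then standard zones in list order; unmatched devices get the fallback."""
    for kind, outcome in (("deny", "denied"), ("standard", "allowed")):
        for zone in zones:
            if zone.kind == kind and zone.matches(device):
                return zone.name, outcome
    return fallback_zone, "fallback"

# Constructed sample configuration and devices.
ZONES = [
    Zone("Employees", "standard", [
        DeviceProfile("Corp Windows", "windows",
                      {"windows_domain": "CORP.EXAMPLE", "antimalware": True}),
        DeviceProfile("Corp Mac", "macos", {"client_cert": "Example Corp CA"}),
    ]),
    Zone("Blocked", "deny", [
        DeviceProfile("Banned app", "windows", {"application": "banned.exe"}),
    ]),
]

def demo():
    managed = {"platform": "windows", "windows_domain": "CORP.EXAMPLE", "antimalware": True}
    mac = {"platform": "macos", "client_cert": "Example Corp CA"}
    risky = dict(managed, application="banned.exe")
    unknown = {"platform": "linux"}
    return [classify(d, ZONES, "Quarantine") for d in (managed, mac, risky, unknown)]
```

The third device satisfies the Employees profile but still lands in the deny zone, and the Linux device, which no profile covers, falls through to the fallback zone chosen for the community (Quarantine here).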
