Managing EPC with Zones and Device Profiles
Device profiles can include any combination of the following attributes to identify a client and assign it to a
“zone of trust,” quarantine it, or deny it access altogether:
- Equipment ID (the identifier for a device; for example, the IMEI number of a mobile device)
- File name, size, or timestamp
- Windows registry entry
- Microsoft Intune
If you have Advanced EPC, you have additional attributes for identifying security programs on client devices:
You can also define fallback detection for these types of security programs using the EPC library. See Advanced EPC: Using Fallback Detection for configuration instructions.
An EPC zone can reference one or more device profiles. Multiple device profiles are useful if there are users with
similar VPN access needs who use different computer platforms. For example, you could configure an EPC zone
that references a device profile for Windows computers, and another zone for Macintosh computers. AMC
supports device profiles for Windows, Macintosh, Linux, and other mobile devices (such as PDAs and smart
phones). You can create multiple zones and device profiles as needed to accommodate different access
scenarios and levels of trust, such as separate zones for employees, business partners, or contractors.
AMC includes a predefined zone and some device profiles:
- You can customize the Default zone to some extent, but you cannot delete it. A device that cannot be classified into any of the zones you have configured is placed in either the Default zone, or a Quarantine zone. (When you configure a community, you choose which of these will be the fallback zone; see Using End Point Control Restrictions in a Community for how to do this.) See Configuring the Default Zone for more information.
- To help you get started with Advanced EPC, the appliance includes some preconfigured device profiles designed for common access scenarios. You can use these as is, or customize them to meet your needs; see Advanced EPC: Using Preconfigured Device Profiles for more information.
Communities are used to specify which zones are available to users after they authenticate. For information on
linking zones to communities, see Using End Point Control Restrictions in a Community. In addition, you can tie
zones to your access policy in much the same way as users, groups, and resources.
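
The relationship between device profiles, zones, and a community's fallback zone can be sketched as a small model. This is an added illustration, not AMC's implementation or configuration format; the class names, attribute keys, and sample values are hypothetical, and it assumes that every attribute in a profile must match and that zones are tried in listed order.

```python
from dataclasses import dataclass

@dataclass
class DeviceProfile:
    name: str
    platform: str      # "windows", "macintosh", "linux" or "mobile"
    required: dict     # attribute -> value the client must report

    def matches(self, device: dict) -> bool:
        # Assumption: every attribute listed in the profile must match.
        return (device.get("platform") == self.platform and
                all(device.get(k) == v for k, v in self.required.items()))

@dataclass
class Zone:
    name: str
    profiles: list     # one zone may reference several device profiles

    def matches(self, device: dict) -> bool:
        return any(p.matches(device) for p in self.profiles)

@dataclass
class Community:
    name: str
    zones: list                   # zones available to this community
    fallback: str = "Quarantine"  # or "Default", chosen per community

    def classify(self, device: dict) -> str:
        # Assumption: zones are tried in listed order, first match wins.
        for zone in self.zones:
            if zone.matches(device):
                return zone.name
        return self.fallback

# Constructed sample data; names, paths and values are hypothetical.
win = DeviceProfile("corp-windows", "windows",
                    {"registry": r"HKLM\SOFTWARE\ExampleCorp\Managed",
                     "file": "C:\\ExampleCorp\\agent.exe"})
mac = DeviceProfile("corp-mac", "macintosh", {"file": "/Library/ExampleCorp/agent"})
phone = DeviceProfile("partner-phone", "mobile", {"equipment_id": "000000000000000"})

employees = Community("Employees", [Zone("Trusted", [win, mac])], fallback="Default")
partners = Community("Partners", [Zone("Partner", [phone])])

def demo():
    managed_mac = {"platform": "macintosh", "file": "/Library/ExampleCorp/agent"}
    bare_windows = {"platform": "windows", "file": "C:\\ExampleCorp\\agent.exe"}
    unknown_phone = {"platform": "mobile", "equipment_id": "111111111111111"}
    return (employees.classify(managed_mac),
            employees.classify(bare_windows),
            partners.classify(unknown_phone))

if __name__ == "__main__":
    print(demo())
```

The Windows client that is missing the registry entry does not match its profile, so it lands in the fallback zone of its community rather than in the trusted zone.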