Scenario 1: Employees Connecting from IT-Managed Laptops
This scenario begins with an employee connecting to the appliance using an IT-managed laptop:
- The user connects to the appliance, logs in to the realm Employees, and is assigned to the Full-time
- After the user authenticates, the client device is interrogated to determine if it matches any device
profiles belonging to the zones referenced by the Full-time employees community. Device profiles are
evaluated by zone, starting with any Deny zones and then proceeding through the zones listed for the
- The appliance finds that the client doesn’t match the device profile for the Deny zone (Block-access), so it
proceeds to check the profile for the IT-managed zone. The IT-managed zone references a device profile
named Trusted laptop. The appliance determines that the user’s device attributes match that particular
device profile (a registry key entry, antimalware software, and an application).
- Based on that match, the appliance classifies the device into the IT-managed zone and doesn’t evaluate
the subsequent zones in the list for that community.
- The IT-managed zone is not configured to require a data protection tool on the client. The appliance then
provisions the access agent configured for the Full-time employees community, and the user is able to
access the appropriate network resources.
Was This Article Helpful?
Help us to improve our support portal