This scenario begins with an employee connecting to the appliance from a home PC:
The user connects to the appliance, logs in to the realm Employees, and is assigned to the Full-time employees community.
Once the user is authenticated, the client device is interrogated to determine if it matches any device profiles belonging to the zones referenced by the Full-time employees community. Device profiles are evaluated by zone, starting with any Deny zones and then proceeding through the others listed for the community.
In this scenario, the appliance finds that the client doesn’t match the device profile for the Deny zone (Block-access) or the Standard zone named IT-managed, so it continues to the next one in the list: Semi-Trusted.
The Semi-trusted zone references a device profile named Home device. The appliance determines that the user’s device attributes (a registry key entry, antimalware software, an application, and a personal firewall) match that device profile.
Based on that match, the appliance classifies the device into the Semi-trusted zone and doesn’t evaluate the subsequent zones in the community.
Because the Semi-trusted zone is configured to require a data protection tool on the client, the appliance deploys Cache Cleaner to the client. The appliance then provisions the access agent configured for the Full-time employees community, and the user is able to access the appropriate network resources.