Scenario 5: Employee Connects from a Mobile Device
In this scenario, an employee connects to the appliance from a mobile device outside of the corporate office. To
establish an association between a particular user and his or her device (in case the device is misplaced or lost),
the administrator has collected the user name and IMEI (International Mobile Equipment Identity) number for
each device, and has added each IMEI number to the corresponding user account on the Active Directory server.
The administrator has also created a device profile named Mobile resources that verifies that user/IMEI association.
When a user logs in, the sequence is:
1. The user connects to the appliance, logs in to the realm Employees by entering a user name and password, and is then assigned to the Mobile employees community.
2. After the user authenticates, the client device is interrogated (using a device profile for the zone referenced by the Mobile employees community) and its IMEI number is determined.
3. The IMEI number is compared against the one that is associated with the user in the AD directory. If there’s a match, the user is allowed access to mobile device-specific links; otherwise he or she is denied access.
4. Optionally, the user may be prompted to authorize the VPN connection from the personal device.
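The comparison step in the sequence above, sketched as an added example (not the appliance's own code): it normalizes the reported IMEI, validates its check digit, and denies access when no IMEI can be read or none is enrolled. The DIRECTORY dict, user names, function names and reason strings are assumptions standing in for the AD lookup and device interrogation.

```python
import hmac
import re

# Sample data standing in for the IMEI stored on each AD user account.
# User names and the dict itself are hypothetical, not the appliance's schema.
DIRECTORY = {"asmith": "490154203237518", "bjones": "356938035643809"}


def luhn_ok(digits):
    """Validate the IMEI check digit (Luhn algorithm over all 15 digits)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def normalize_imei(raw):
    """Return a well-formed 15-digit IMEI, or None if missing or malformed."""
    if not raw:
        return None
    digits = re.sub(r"[\s\-./]", "", raw)   # drop common display separators
    if not re.fullmatch(r"[0-9]{15}", digits) or not luhn_ok(digits):
        return None
    return digits


def check_device(user, reported_imei, directory=DIRECTORY):
    """Decide access for an already authenticated user; fails closed."""
    enrolled = normalize_imei(directory.get(user))
    if enrolled is None:
        return False, "no-imei-enrolled"
    reported = normalize_imei(reported_imei)
    if reported is None:        # e.g. interrogation could not read an IMEI
        return False, "imei-unavailable"
    if hmac.compare_digest(enrolled, reported):
        return True, "match"
    return False, "imei-mismatch"


if __name__ == "__main__":
    for user, imei in [("asmith", "49-015420-323751-8"),
                       ("asmith", "356938035643809"),
                       ("bjones", None)]:
        print(user, imei, check_device(user, imei))
```

Keeping a distinct reason for each denial lets a reviewer tell an unenrolled account apart from a device that reported someone else's IMEI.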
Checking for an IMEI number works only on wide area networks (WAN), not WiFi, and the WAN
service must be on for the post-authentication process to determine the IMEI number on the mobile
To track service by mobile device and user you can process audit log files for network proxy, Web proxy, or