Secure Mobile Access 12.4 Administration Guide

Viewing User Access and Policy Details

If a user is experiencing trouble with a session—for example, he is logged in but cannot establish a connection or is denied access to resources—you can use the Session Details page to diagnose the problem. It enables you to troubleshoot a session, whether or not it’s still active, by assessing its status, determining why a user’s device is classified into a particular zone, and discovering what policy rules are applied, editing them as needed.

To view user session details

  1. In the AMC, navigate to Monitoring > User Sessions.

  2. 2 Click the username link for the session you want more details about; if needed, narrow the displayed list by setting filters, and then click Refresh.

    • To troubleshoot access to resources, look at the Access requests list. You can expand a list item to see the access control rule that determined whether this particular connection request should be allowed or denied. If the rule still exists, you’ll also see a link for editing the item.

    • Information for resources accessed using application access control identify the client software and platform for the session, the application used to access the resource, and the rule that allowed or denied access.

    • An End Point Control zone classifies a connection request based on the presence or absence of a device profile. On the Zone classification page you can see what EPC zones (if any) were evaluated during this session and what the outcome of each evaluation was. In this example, the mobile device was placed in the Pocket PC zone, but it did not match the Equipment ID device profile.

    • If the user’s session has any current Connect Tunnel connections, they are listed by IP address on the Active connections page. Other access agents are not listed here because they do not keep the VPN connection open.

    • If the user connected using a personal device, device and authorization information is provided on the Device Authorization page. Users who were denied access because they did not accept the authorization terms are also identified on this page.

    • If the user connected using application access control, information about the applications found on the end point that are under control are also identified.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.