Advanced EPC
Advanced EPC provides an extended and detailed list of personal firewall, antivirus, and spyware programs to
check for on a client. EPC can be done on Windows, OS X, Linux, Android and iO S.
There are a few device profiles to help you get started: you can use them as is or modify them to suit your access
policy and resource requirements. The home‐user profiles, for example, check for a wide variety of antivirus and
personal firewall programs, while a series of corporate profiles check for programs from particular vendors.
If the preconfigured device profiles don't address your specific security needs or computing environment, you
can create additional profiles that the appliance will use to detect the presence of specified attributes on users'
devices. The types of device profile attributes available are:
• Antivirus software
• Antispyware software
• Application
• Client certificate
• Directory name
• Device ID
• File name, size, or timestamp
• Personal firewall program
• Windows domain
• Windows registry entry
• Windows version
Putting It All Together: Using Realms and
Communities
Realms are the top‐level objects that tie together authentication, user management, access agent provisioning,
and End Point Control restrictions.
A realm references one authentication server or a pair of them (for chained authentication). Authentication
servers must first be defined in AMC, and they are then referenced by a realm that users log in to.
After users log in to the appliance, they are assigned to a community based on the identity supplied during
login. By default, all users are assigned to a default community, but you can sort users into different groups
based on individual identity or group memberships. In turn, the community defines a default set of access
methods and the set of end point restrictions placed on client devices. The community can also determine the
appearance of WorkPlace: the layout and style of WorkPlace pages can be tailored to a particular community.
Authenticating with realms and communities shows how a realm authenticates users, assigns them to
communities to provision access agents and, with End Point Control enabled, assigns community members to
different zones based on the trustworthiness of their computers.
SonicWall SMA Connect Tunnel 12.0 Deployment Planning Guide
23
Planning Your VPN