SonicWALL SMA Planning Manual page 32

for Partners. We'll also set up a Quarantine zone for users (employees or partners) whose devices fail to match
the profiles that we specify.
Creating a zone is simply a way of setting one or more conditions that users must meet before they are granted
secure, remote access to resources. In our example, the user will be classified into the Trusted zone if a certain
antivirus program is running (Norton AntiVirus is used in this example, but you can substitute another program).
If the program is not running, the user is classified into the Untrusted zone.
The conditions you set in a real deployment will of course be different—this is just a demonstration of how EPC
works.
Topics:
• Creating a Standard Zone for Trusted Users on page 32
• Creating a Standard Zone for Partners on page 32
• Creating a Quarantine Zone for Untrusted Users on page 33
Creating a Standard Zone for Trusted Users
To create a Standard zone named Trusted for employees:
1 From the main navigation menu in AMC, click End Point Control.
2 If the link next to End Point Control is Disabled, click the link and select the Enable End Point Control
checkbox on the Configure General Appliance Options page.
3 Click New, and then select Standard zone from the menu. The Zone Definition ‐ Standard Zone page
appears.
4 In the Name field, type Trusted.
5 In the All Profiles list, select the checkbox next to Windows antivirus, and then click the right arrows (>>)
to add it to the In Use list. To see the attributes in this built‐in profile, click its name.
6 The client device will be checked at login to see if it is running either Norton Antivirus or MacAfee
VirusScan. If you want this check to reoccur during a given session, set the interval in minutes in the
Recurring EPC area.
7 When you are finished configuring the zone, click Save. The Standard zone named Trusted is now
displayed in the list of End Point Control zones. To match this profile, a user's device must be running the
security programs you specified in Step 5.
In this example, we will classify devices that do not match the Standard zone we created into a Quarantine zone
named Untrusted; see Creating a Quarantine Zone for Untrusted Users on page 33
Creating a Standard Zone for Partners
To create a Standard zone named Partner zone for partners:
1 From the main navigation menu in AMC, click End Point Control.
2 Click New, and then select Standard zone from the menu.
3 In the Name field, type Partner zone.
4 To create a device profile, click New, and then select a platform from the shortcut menu (for example,
Microsoft Windows).
5 Enter a name for the device profile in the Name field. For example, Symantec AV.
SonicWall SMA Connect Tunnel 12.0 Deployment Planning Guide
Common VPN Configurations
32