Remote Access EPC

Traditional VPN solutions typically provide access only from the relative safety of a corporate laptop. These VPNs are primarily designed to prevent unauthorized network access, and they typically are not designed to verify that the user’s computer is secure. Corporate IT departments configure computers under their control with antivirus software, firewalls, and other safeguards designed to protect them from malicious software.

Because SSL VPN solutions can provide network access from any web-enabled device—such as public computers at cafes, airports, or hotels—extra care must be taken to verify that the user’s environment is secure. These unmanaged computers can easily be infected by keystroke recorders, viruses, Trojan horses, and other hazards that can compromise your network.

Remote Access End Point Control (EPC) verifies that remote user’s computers are secure before allowing network access.

To configure Remote Access EPC, complete to the following:

Navigate to the SSL VPN > Remote Access EPC page of the SonicWALL GUI.

Select Enable Remote Access EPC. When EPC is disabled, only the Default Device Profile can be configured, but without the Security Attribute settings. The Remote Access EPC page is divided into the following sections:

•

General Settings

•

Device Profiles

•

Device Profile Search

•

Deny Device Profiles

•

Allow Devices Profiles

•

Device Profile failback options

•

Quarantine Device Profile

•

Default Device Profile

SonicWALL recommends beginning by configuring the Default Device Profile. Scroll to the bottom of the Remote Access EPC page and click the Configure icon. See Configuring Remote Access EPC Device Profiles for full instructions on configuring the Device Profile.

Click Add to configure additional Device Profiles. See Configuring Remote Access EPC Device Profiles for full instructions.

If you are supporting SSL VPN sessions from Linux or MacOS devices, click the appropriate button in the OS Type menu.

Click Configure to configure the Default Device Profile for Linux and/or MacOS.In the Device Profile Fallback options section, select how you want to treat users who do not match any of the Deny or Allow Device profiles:


	NOTE: SonicOS currently does not support Remote Access EPC Security Attributes for Linux or MacOS; but in order to support Linux and MacOS users, you must configure the network address and client routes for the Linux and MacOS Default Device Profile.

•

Place into default device profile – Users are granted network access as defined in the Default Device Profile.

Place into quarantine device profile – Users are not granted network access. A pop-up window displays a administrator-configurable message that To configure the message that is displayed to quarantined users, click the configure icon for the Quarantine Device Profile.Click the Example Template to auto-populate the Quarantine Message with formatted HTML text. The quarantine pop-up message is displayed in a window that is 500 pixels wide. Edit the text of the message and click Preview to view how it is displayed to quarantined users.