Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

EW SEM EPC questions

Hi,

We all know now sma 1000 series run url scheme to call sonicwall connect agent then run SEM on chrome, firefox.

Can we know the flow on how SEM EPC checking runs?

Is it all end-point checking runs on client locally, then pass the result back to SMA to determine zone?

In some case, EW EPC checking fails, client drop to some deny zone.

Then, client restart the browser and retry EPC. This time they are matched to correct zone.

How can we diagnostic these kinds of EPC fail?

SMA connect agent log:

2020-07-17 17:24:52.138    Successfully loaded EPInterrogator.

2020-07-17 17:24:52.138    Client version is newer than required version, proceeding with interrogation...

2020-07-17 17:24:52.138    {"semVersion":"12.4.0.494","epcState":"epc_started"}

2020-07-17 17:25:10.005    Interrogation completed with result [0].

2020-07-17 17:25:10.005    {"semVersion":"12.4.0.494","epcState":"epc_completed"}

If the result is [0], we can assume EPC checking process run successfully?

Category: Secure Mobile Access Appliances
Reply

Best Answer

Answers

  • NatNat Newbie

    Anyone can share some knowledge?

  • Adding @Vijay_Kumar_KV and @Simon for more visibility.

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • SimonSimon Moderator

    "Interrogation completed with result [0]." means the EPC ran successfully on the client side. This does not mean the client matched the EPC device profile on the SMA.

    The client reports the elements to the SMA EPC process where they are evaluated. The SMA logs will show the flow of the evaluation.

  • NatNat Newbie

    @Simon

    So EPC process is done locally then result report back to SMA?

    In case of evaluation fail, any local evaluation process logs we can find in client PC locally?

  • SimonSimon Moderator

    @Nat No. The SMA determines whether the user system met the requirements.

    Here is how it goes.

    At login the SMA passes to the client side EPC agent the values to be evaluated, not the desired values. The client EPC agent captures the elements and forwards them to the SMA to be evaluated.

    On the client side you will only be able to tell if you passed the EPC and what Zone the client was assigned.

    On the SMA you can identify what aspect of EPC failed or passed.

    The determination of the result of the evaluation is purely done on the SMA itself, as evidenced by the Zone assigned to the client.

  • NatNat Newbie

    @Simon

    So what could be the possible reason for a client actually installed like Symantec SEP but SMA API with false result on checking Symantec SEP ?

  • SimonSimon Moderator

    @Nat There are a couple of questions to narrow that.

    First, is your EPC database current? 20.04.08.71 is the current version. The EPC database is downloaded from Mysonciwall downloads page and is independent of the firmware version.

    Second, what is the exact version of your Symantec SEP? Is that specific value in the EPC versions list under Symantec SEP?

    EPC specifically matches some discrete values, but this is a race the anti-malware company is always going to win. It is not possible for the EPC database to always be completely current. So select >= rather than =. If your SEP version is newer than 14.2, this approach should make it pass. If that is not successful you might pick the 'Any product from this vendor' approach.

    I would not do more than 3 or 4 'Any product' company selections in one device profile. Windows has a limit in the time it will allow for such evaluations.

  • NatNat Newbie

    @Simon

    Here is the situation:

    Profile allow SEP = 14.2, signature update <=7 days , etc...

    1st login via Chrome failed, user assign to default zone

    2st login via IE, no problem, correct zone assigned.

    Or we can say, sometimes chrome can identify SEP, sometimes it cannot...As you said the evaluation is done by SMA appliance, why these behavior happens? SEM should pass same values to SMA on every attempts

  • NatNat Newbie

    @Simon Thanks for clarification. One more thing, can sonicwall share how local SEM get the system values?

    Via Windows Management Instrumentation? Registry checking? window sc query?

    Cause we pretty sure client had SEM installed and click accept on Chrome when SEM prompts but it still fails and get into default Zone.

  • SimonSimon Moderator

    @Nat For a detailed analysis for why a specific situation failed EPC please open a case with support.

Sign In or Register to comment.