Device Controls


In previous versions of the VPN, access controls were based only on application groups, allowing application group access to user groups. zGateway's new, improved access control management interface allows creating access controls with additional access control methods.

The newly added access control methods are:
a) Device ID fingerprinting based access control for user groups/users – Device ID access controls restrict access to the VPN gateway for user groups based on matching criteria of the end user machine's device fingerprints.
b) Endpoint connectivity based access controls for user groups/users – Based on this policy, the administrator can control Internet access and close all active connections if users are connected to the VPN gateway.

DEVICE ID BASED FINGERPRINTING
The Device ID based fingerprinting feature added in this release captures the necessary details from the client machine running the zGateway client software. The Device ID is a unique set of numbers and letters generated and allotted by hardware manufacturers for identifying their device. The administrator can create access controls for user groups based on Device ID fingerprinting.

Parameters covered under the device fingerprint:
• OS type – Client operating system details.
• Motherboard ID – ID of the motherboard.
• CPU ID – ID of the CPU.
• MAC ID – MAC address of the LAN card.
• Hard disk ID – ID of the hard disk.
• IMEI number – IMEI number of the device (for Android and iOS based devices).
• Received WAN IP address – WAN IP address sent by the client and received on the server. This can differ from the original IP address if the client browser is configured to use a proxy. This option can be disabled using a preference on the server side.
• Detected WAN IP address – WAN IP address detected by the server, where WAN packets terminate at the firewall or router. This is the WAN IP address the SSL VPN client is receiving from the SSL connection.
• Device type – Shows the device type.
• Browser type – Displays the browser name.
• Browser ID – Displays the browser ID.
• Region – Regional settings of the client machine.
• Time zone – Time zone of the end user machine.
• Locale – Language set on the client machine.
• Default gateway – Default gateway address of the client machine.
• Network card manufacturer – Name of the NIC manufacturer.

<device_sig.IMG>

Device ID Based Access Controls
Administrators can create Device ID based access controls from zGateway Management Console > Access Management > Access controls > Create access controls > Select access control type as Device ID.
When a user logs in to the zGateway server for the first time, the zGateway client scans the device fingerprints and sends them to the server. The administrator can select a single Device ID parameter or multiple parameters when creating the access control. The administrator can also specify the number of device ID signatures allowed per user. For instance, if the administrator selects 3 device ID signatures, the user can log in to the zGateway server from a maximum of three different end user machines/devices.

Automatically approve devices:
The administrator can allow device access either manually or automatically. All scanned Device ID details are stored in the database, and administrators can allow or deny access. Captured Device ID details can be found under
Management console > End point Management > Device Management.
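
The Device ID policy described above (selected parameters, a per-user limit on device signatures, automatic or manual approval), modelled as an added example. This is not zGateway's code; the field names, decision strings and the SHA-256 signature scheme are assumptions.

```python
import hashlib

# Illustrative model only: field names, decision strings and the hashing
# scheme are assumptions, not zGateway's implementation.

def signature(fingerprint, selected):
    """Hash only the parameters the administrator selected for the policy."""
    parts = [f"{p}={str(fingerprint[p]).strip().lower()}" for p in sorted(selected)]
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()

class DeviceIdPolicy:
    def __init__(self, selected, max_devices, auto_approve):
        self.selected = tuple(selected)
        self.max_devices = max_devices      # device signatures allowed per user
        self.auto_approve = auto_approve    # False = administrator decides
        self.devices = {}                   # user -> {signature: status}

    def login(self, user, fingerprint):
        # A client that omits a selected parameter cannot be matched: deny.
        if any(not fingerprint.get(p) for p in self.selected):
            return "deny"
        sig = signature(fingerprint, self.selected)
        known = self.devices.setdefault(user, {})
        if sig in known:
            return {"approved": "allow", "pending": "pending"}.get(known[sig], "deny")
        # Denied devices do not consume one of the user's slots.
        in_use = sum(1 for s in known.values() if s != "denied")
        if in_use >= self.max_devices:
            return "deny"
        known[sig] = "approved" if self.auto_approve else "pending"
        return "allow" if self.auto_approve else "pending"

    def decide(self, user, sig, approved):
        """Administrator's manual allow/deny for a captured device."""
        self.devices[user][sig] = "approved" if approved else "denied"

# Constructed sample fingerprints (not real hardware IDs).
LAPTOP = {"motherboard_id": "MB-0001", "cpu_id": "CPU-A1", "mac_id": "02:00:00:00:00:01"}
LAPTOP_NEW_NIC = dict(LAPTOP, mac_id="02:00:00:00:00:99")
TABLET = {"motherboard_id": "MB-0002", "cpu_id": "CPU-B2", "mac_id": "02:00:00:00:00:02"}
PHONE = {"motherboard_id": "MB-0003", "cpu_id": "CPU-C3", "mac_id": "02:00:00:00:00:03"}

def demo():
    policy = DeviceIdPolicy(["motherboard_id", "cpu_id"], max_devices=2, auto_approve=True)
    return [policy.login("alice", fp) for fp in (LAPTOP, LAPTOP_NEW_NIC, TABLET, PHONE)]

if __name__ == "__main__":
    print(demo())
```

In this model the laptop with a replaced network card still matches because the MAC ID was not among the selected parameters, while the third distinct device is refused by the two-signature limit.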

ENDPOINT PROTECTION BASED ACCESS CONTROLS
With Endpoint Protection based access controls, the administrator has more control over client network traffic through the zGateway client. The administrator can disable Internet access, deny zGateway access if a proxy is enabled, or disconnect all active connections if the client is connected to the zGateway server.
To create an Endpoint Protection based access control, go to zGateway management console > Access control management and create an access control of type Endpoint Protection.

Close all Existing connections and Keep VPN Session Safe
In access control management, create an access control of type Endpoint Protection. If "close existing connections" is enabled, previously established external connections are disconnected when the user logs in. If "continue to block all external connections other than VPN" is also turned ON, then no external connections are allowed. The zGateway VPN client keeps checking for applications that are connected to external servers and kills those applications.

Disable Internet for end users
In access control management, create an access control with the Endpoint Protection policy type. If Block Internet is enabled for the user, Internet access is disabled for the user after login.

Do not allow login through internet proxies
If a proxy is enabled in the client machine's browser, the end user will not be allowed to log in to the zGateway VPN Gateway.
