• Cloud Edge Secure Access
• Welcome to SonicWall Cloud Edge!
• Prerequisites
• Installation
  • Accessing the Client Management Console
  • Installation Methods
• Networks
  • Understanding Networks
  • SDP Networks
  • Regions and Gateways
    • Adding a region
    • Adding a gateway
  • Connecting Infrastructure
    • Prerequisites
    • Site-to-Site Connections
    • IPsec Tunnel
    • WireGuard Connector
    • Connect On-Prem Resources
      • Firewalls
        • SonicWall
    • Connect Cloud Resources
      • Amazon AWS
        • AWS Virtual Gateway
        • AWS Transit Gateway
      • Alibaba Cloud
      • Microsoft Azure
      • Google Cloud Platform
      • Heroku Enterprise
      • IBM Cloud
      • Docker
• Groups and Members
  • Members
    • Inviting Members
    • Password Requirements
    • Managing Roles
  • Groups
    • Managing Groups
    • Identity Provider Groups
  • Identity Providers (IdP)
    • Integrate Identity Providers
    • Azure AD
      • Azure Active Directory (SAML 2.0)
      • Azure Active Directory
    • Google Suite
      • Google Services
      • Google Apps (SAML 2.0)
    • On-Premises Active Directory
    • SAML 2.0
      • Generic SAML
      • Active Directory Federation Services (ADFS)
      • Auth0
      • Okta
      • OneLogin
      • PingIdentity
      • JumpCloud
• Securing the Platform
  • Securing Networks
    • Segmenting Networks
    • Device Posture Check
    • Network Traffic Control
    • Firewall-as-a-Service
  • Securing User Access
    • Multi-Factor Authentication
      • MFA Authentication
      • DUO Security
    • Agent-less Access
      • Zero Trust Application
        • HTTP/HTTPS
        • RDP (Remote Desktop Protocol)
        • SSH (Secure Shell)
        • VNC (Virtual Network Computing)
      • Zero Trust Policies and Rules
    • Agent-based Access
      • SonicWall Agents
        • Downloading and Installation
      • Agents Configuration
        • User-Groups Policies
        • Managing Configurations
        • General Configurations
        • Network Configuration
        • OS-Specific Configurations
• Monitoring
  • Activity Tracking
    • Activities and Logs
    • Member Devices
  • Monitoring Dashboard
  • Integrations
    • Amazon S3
    • Azure Sentinel
    • Splunk Cloud
• Compliance
  • HIPAA
  • GDPR
  • SOC 2 Type 2
• SonicWall Support
  • About This Document

Device Posture Check

SonicWall Cloud Edge Device Posture Check (DPC) allows administrators to ensure that only devices that comply with their predefined security policies can connect using a SonicWall Cloud Edge agent to a Network, and gives them the reporting they need to ensure that Networks stay secure while Members can easily access the resources they need.

Device Posture Check performs checks on the connecting device either once upon connecting, or continuously at intervals chosen by the administrator.

Policies can differentiate between different members or member groups, further ensuring that sensitive Networks and resources are protected with an extra layer of security.

For example, administrators can allow access to Networks only from devices that are complying with one or more of the following policies:

• The presence of specific antivirus software on the device
• Whether a specific (authorization) file can be found on the device.
• Whether the device’s storage is encrypted.
• Whether a device holds the appropriate certificate (as defined by the administrator).

Add Device Posture Check profiles

You can set device profiles per operating system. Each profile can apply to a specific Group, operating system or both.

The Device Posture Check profiles will be applied to all Networks in your SonicWall Cloud Edge tenant.

In order to add a Device Posture Check profile:

1. Navigate to Devices > Posture Check.
2. Click on (+) Add Profile.
3. Enter a Posture Check Profile Name.

4. Select the Group(s) that should comply with the profile.

   Check the All Users Group to apply the profile to all your SonicWall Cloud Edge users.

5. Select the suitable Runtime Schedule

   The Device Posture Check can be verified periodically while a Memeber is connected to a Network or with every connection to a Network.

   

Define Posture Check per OS

Administrators can define different profiles or requirments for different operating systems within the same profile or create seperate profiles for each operating system.

Each OS Profile can have one or more which must be met in order to gain access to Networks.

Windows:

1. Click Add OS to Profile

2. Select and Define Rules

   You can pick one of the following options:
   Antivirus - the SonicWall Cloud Edge agent will verify the presence of the selected Antivirus application.
   File-Exists - the SonicWall Cloud Edge agent will verify the presence of a specific file in a specific path.
   Disk Encryption - the SonicWall Cloud Edge agent will verify that the OS hard-drive is encrypted.
   

   Certificate - the SonicWall Cloud Edge agent will verify that a specific certificate's subject is installed on the device (in the local Windows CA store or MacOS Keychain)

   Registry - the SonicWall Cloud Edge agent will verify a specific registry key.

   (Example: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\New Key)

3. Click on Add Rule to OS (if needed)

   

MacOS:

1. Click Add OS to Profile

2. Select and Define Rules

   You can pick one of the following options:
   Antivirus - the SonicWall Cloud Edge agent will verify the presence of the selected Antivirus application.
   File-Exists - the SonicWall Cloud Edge agent will verify the presence of a specific file in a specific path.
   Disk Encryption - the SonicWall Cloud Edge agent will verify that the OS hard-drive is encrypted.

   Certificate - the SonicWall Cloud Edge agent will verify that a specific certificate is installed on the device (Mac Keychain).

3. Click on Add Rule to OS (if needed)

   

Linux:

1. Click Add OS to Profile

2. Select and Define Rules

   You can pick one of the following options:
   Antivirus - the SonicWall Cloud Edge agent will verify the presence of the selected Antivirus application.
   File-Exists - the SonicWall Cloud Edge agent will verify the presence of a specific file in a specific path.
   

3. Click on Add Rule to OS (if needed)
   

iOS:

1. Click Add OS to Profile

2. Select and Define Rules

   You can pick one of the following options:
   Allow - Mobile devices using the SonicWall Cloud Edge application will be allowed into Networks.
   Deny - Mobile devices using the SonicWall Cloud Edge application will be denied access into Networks.

3. Click on Add Rule to OS (if needed)

Android:

1. Click Add OS to Profile

2. Select and Define Rules

   You can pick one of the following options:
   Allow - Mobile devices using the SonicWall Cloud Edge application will be allowed into Networks.
   Deny - Mobile devices using the SonicWall Cloud Edge application will be denied access into Networks.

3. Click on Add Rule to OS (if needed)