Managing non-compliant computers with Dell Kace and Sonicwall

The purpose of this document is to assist Kace and Sonicwall customers in utilizing the two solutions together to create a more effective and efficient security/management solution for remote or vpn connected users.

The document will cover the basic setup, however as you progress you will find additional use cases for the combined technologies.  The steps outlined cover the scenario where a user is non-compliant due to not having the Kace agent installed.  The idea is once the Kace agent is installed you can then implement more stringent compliance measures to react to threats (e.g. blocking java based on the recent java exploit). 

Policy Workflow

Instructions

1. 1.       Configure SSL VPN to block connections that do not have the Kace agent installed.  (for specific help with Sonicwall configuration see “Help” in the upper right corner of the SSL  VPN interface)

a)      Create a device profile definition where you are looking for the Application AMPAgent.exe.  (optionally you can also look for the ssl key from Kace)

b)      Create an End Point Control Deny and Quarantine Zone (optionally create a java deny for the recent java exploit)

c)       Add the Kace Agent Deny zone to your realm (* create a test realm so you do not disrupt users during testing).

1. 2.        Test and customize.

a)      Create software packages and scripts for the end user to select and install in order to be compliant

b)      Message the end user via Kace agent that they are now compliant and can try to reconnect

Summary

The integration of Sonicwall and Kace can enable enterprises to tighten security controls without losing productivity.  The security of Sonicwall and control of Kace enable smooth transition from non-compliant to compliant.

Any questions or comments are encouraged, we are in the initial stages of Dell Sonicwall / Dell Kace integration plans.  Stay tuned for more.