I've been tasked with blocking all Android devices from connecting to our VPN.
I don't see a way to block using the HC OS Checks. Appears to only let me choose which to allow (and I get messages when I leave the OS window unpopulated). - thought there being ALLOW none
Is there another (or better) way to block all Android devices from connecting?
You can try blocking specific User Agents in the Role options -
Users -> User Roles -> General -> Restrictions -> Browser
A list of Browser Agent types for Android can be found at the following locations -
This is more of a workaround, as some browsers do allow users to change the UserAgent, thereby bypassing this check, but it should catch most users.
You should be able to look for *JunosPulseAndroid* to block.
Note: This may change in the future with the migration of SA/MAG to Pulse Secure, LLC.
A Host Checker policy with no rules for Android would effectively block Android if the policy is enforced, would it not?
I tried this on my lab device and it is not possible. It states you must have one version that is allowed.
One more option is to have a OS Hostchecker policy that allows only Android version 1.6 and lower.
that will effectively rule out any Android device from connecting ever.
I guess i'll use that as a temp solution until I can figure out how to configure using the browser names and such.
Is there a doc on how to use custom checks?
What custom checks are you referring to?
In order to use "looks" for *JunosPulseAndroid* won't I need to make a custom HC check?
Kita, is this something that can be suggested for future versions? I.e. being able to deny by OS?