Gateway

Advanced Endpoint Analysis Scans

Advanced End-point Analysis (EPA) is used for scanning user devices for the endpoint security requirement configured on a Citrix Gateway appliance. If a user device tries to access the Citrix Gateway appliance, the device is scanned for security information, such as operating system, antivirus, web browser versions and so forth before an administrator can grant access to the Citrix Gateway appliance.

The Advanced EPA scan is a policy-based scan that you can configure on a Citrix Gateway appliance for pre-authentication and post-authentication sessions. The policy performs a registry check on a user device and based on evaluation, the policy allows or denies access to the Citrix ADC network.

You can perform two types of EPA scan, OPSWAT scan and System scan. The following section explains the scan types and its details.

OPSWAT scan. The scan mechanism provides security at different levels such as:  

  • Product specific scan
  • Vendor specific scan
  • Generic scan

Product specific scan: You can configure scan criteria for a particular product (for example Avast! Free Antivirus) offered by a particular vendor (for example AVAST Software a.s.) for a category (for example Antivirus). The access is granted only to the computers fulfilling the specified criteria.**

Vendor specific scan: You can configure scan criteria for a particular vendor (for example AVAST Software a.s.) Of a category (for example Antivirus). The configured scan checks for the specified criteria across all the products offered by the vendor. The access is granted only to the computers fulfilling the specified criteria.

Generic scan: You can configure scan criteria for a particular category (for example Antivirus). The configured scan checks for the specified criteria across all the vendors and the products offered by the vendors. The access is granted only to the computers fulfilling the specified criteria.

System Scan. The System scan provides security for system level attributes such as MAC address. You can configure scan criteria for a system attribute (for example MAC Address). The access is granted only to the computers fulfilling the specified criteria.

Advanced Endpoint Analysis Scans