Jump to:navigation, search
Wiki

Android configuration security / VPN

From Securepoint Wiki




























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden





























{{var | Auswahl MobSec und Cloud Shield | * Falls Securepoint Mobile Security aktiv    ist, kann Cloud Shield bei Cloud Shield (Link zum Wiki-Artikel) solange nicht aktiviert werden

  • Falls Cloud Shield bei Cloud Shield aktiviert wird, wird automatisch Securepoint Mobile Security deaktiviert und lässt sich solange nicht aktivieren
  • Bei Profilen, welche vor Version 2.3 angelegt wurden sind und bei denen Securepoint Mobile Security und Cloud Shield aktiv sind, werden diese Schaltflächen als inaktiv dargestellt
    Kann gelöst werden, wenn unter Anwendungen eine der beiden Apps entfernt wird

| * If Securepoint Mobile Security is active   , ‘'Cloud Shield’' can be activated at CloudShield (link to wiki article) until ‘’'not'‘’' activated

  • If ‘'Cloud Shield’' is activated for Cloud Shield, Securepoint Mobile Security is automatically deactivated and cannot be activated until not activated
  • For profiles that were created before version 2.3 and where Securepoint Mobile Security and Cloud Shield are active, these buttons are displayed as inactive
    Can be solved if one of the two apps is removed under Applications}











Android profile configuration in the "Security / VPN" menu item

Last adaptation to the version: 2.3.13

New:
notempty
This article refers to a Beta version
Access: portal.securepoint.cloud  Mobile Security Android Profile  Tab Security / VPN

Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:



Security / VPN

Security / VPN
notempty
The Security tab is only available if a Mobile Security license is present.
EMM licenses do not have VPN functionality that enables these security functions.
Caption Value Description
Security / VPN
Allow Suspend Always-On-VPN   
  • When activated    allows the user to temporarily deactivate the VPN
  • If the user does not reactivate it themselves, this will happen at the time selected by the user
Allow other VPN profiles    When activated   , the addition of other VPN profiles, in addition to the security profile, is permitted
Authentication required after app start
  • Requirement for this feature: App version 3.1
    		•    
    • When activated   , authentication (PIN or biometric) is required when starting the app
    • The user must set an authentication (PIN or biometric) to start the app
    Activate Securepoint Mobile Security
    		  
    • With Activation   , the Securepoint Mobile Security app is added in the Applications tab and can be configured here
      When deactivated   , the app is removed
    • This is required to configure the security settings
      notempty
      New as of: 2.3.13
       notempty
      On Android devices, Mobile Security cannot be activated at the same time as Cloud Shield, as only one VPN service can be active at a time.
    Protocol TCP The protocol TCP or UDP used for the VPN tunnel
    Portfilter Type Open Filter network traffic based on network ports.
    Closed Open Selection
    Port filter rule selection
    Appears when Port filter type Selection is selected    		 Communication VPN Specify which port collections are open for network traffic





    Port-Collection Port Protocol Application
    Administrative Tools 21 TCP ftp
    3389 TCP ms-rdp
    23 TCP telnet
    5900 TCP vnc
    22 TCP ssh
    5938 TCP/UDP teamviewer
    Communication 3478-3481 UDP Skype
    49152-65535 UDP
    49152-65535 TCP
    5222 TCP Google Push-Notifications
    5223 UDP
    5228 TCP
    VOIP 5060 UDP SIP/RTP
    7070-7089 UDP
    VPN 1194 TCP OpenVPN
    1194 UDP
    500 UDP IPSec
    4500 UDP & ESP
    1701 UDP L2TP
    Mail 25 TCP smtp
    587 TCP
    465 TCP smtps
    110 TCP pop3
    995 TCP
    143 TCP imap
    993 TCP
    SSL-Interception Default SSL traffic from web pages listed in the content filter allowlist is not intercepted, other pages are checked using SSL interception.
    Content-Filter Allowlist Updates and important services Click box: Web pages that are to be added to a allowlist. Possible entries: Contentfilter
    Content-Filter Blocklist HackingProxyThreat Intelligence Feed Click box: Websites that are to be added to a blocklist.
    Exclude local WLAN from VPN    If enabled   , a route is added that excludes the local WLAN IP range from the tunnel
    Disable VPN for SSIDs Add SSIDs Enter WiFi SSIDs for which the security features shall be disabled.
    Exclude IP addresses from VPN Add IPs Enter IP addresses or networks for which the security functions are to be bypassed, i.e. the individual host 222.222.222/32 or the entire subnet 123.123.123.0/24. Use the cursor keys to navigate within the mask
    Exclude apps from VPN Add package name Enter the package names of the apps that are to bypass the VPN service
    VPN Configurations
    Displays a list of all Roadwarrior connections that are connected to this profile.
    New connections can be created via  Unified Network Console VPN configurations .
    For more information, see the following Wiki article.
    Roadwarrior:
    • Alias name of the roadwarrior connection, the transfer network, the core UTM and the IPs used
    • Clicking on the alias name redirects to the corresponding VPN configuration
    Autostart:   
    • When activated   , this connection is started immediately if it is selected as the active connection
    • If the connection is interrupted, it is automatically restarted
    • This setting can be changed on the device by the user afterwards
      notempty
      On Android devices, Mobile Security cannot be activated at the same time as Cloud Shield, as only one VPN service can be active at a time.
    Retrieved from "https://wiki.securepoint.de/index.php?title=MS/deployment/profile/android/sicherheit&oldid=98308"