Profile configuration the Security tab
Last adaption: 05.2024
notemptyThis article refers to a Resellerpreview
Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:
Security iOS
Security
Numerous settings are configured, that control the security of web applications.
Configuration by clicking on Activate security
notemptyTo be able to use Mobile Security, the "Securepoint VPN Client" app is first installed automatically. This requires either a VPP license from the Apple Business Manager or an Apple ID on the device.
Operation |
Default |
Description
|
Protocol |
TCP |
Protocol used for VPN tunnel. TCP or UDP
|
Portfilter Type |
Open |
Filter network traffic based on network ports.all ports are open
|
Closed |
Only port 80 (http) and 443 (https) are enabled.
|
Selection |
Port filter rule selection: Specify which port collections are open for network traffic:
|
Port-Collection |
Port |
Protocol |
Application
|
✕ Administrative Tools |
21 |
TCP |
ftp
|
3389 |
TCP |
ms-rdp
|
23 |
TCP |
telnet
|
5900 |
TCP |
vnc
|
22 |
TCP |
ssh
|
5938 |
TCP/UDP |
teamviewer
|
✕ Communication |
3478-3481 |
UDP |
Skype
|
49152-65535 |
UDP
|
49152-65535 |
TCP
|
5222 |
TCP |
Google Push-Notifications
|
5223 |
UDP
|
5228 |
TCP
|
✕ VOIP |
5060 |
UDP |
SIP/RTP
|
7070-7089 |
UDP
|
✕ VPN |
1194 |
TCP |
OpenVPN
|
1194 |
UDP
|
500 |
UDP |
IPSec
|
4500 |
UDP & ESP
|
1701 |
UDP |
L2TP
|
✕ Mail |
25 |
TCP |
smtp
|
587 |
TCP
|
465 |
TCP |
smtps
|
110 |
TCP |
pop3
|
995 |
TCP
|
143 |
TCP |
imap
|
993 |
TCP
|
|
|
SSL interception |
Default |
Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response.
|
Content-Filter Allowlist |
Add entries |
Click box: Web pages that are to be added to a allowlist. Possible entries: Contentfilter
|
Content-Filter Blocklist |
Add entries |
Click box: Websites that are to be added to a blocklist.
|
Disable for SSIDs |
Add SSIDs |
Enter WLAN SSIDs for which the security features shall be disabled.
|
Disable for IP addresses |
Add IPs |
IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys.
|
Allow Suspend Always-On-VPN |
|
Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user. | Appconfiguration |
Allow other VPN profiles |
|
Allows adding other VPN profiles in addition to the security profile
|
Exclude local WLAN from VPN |
|
If enabled, a route is added that excludes the local WLAN IP range from the tunnel.
|
|
Security settings
|
|