Profile configuration in the Security / VPN tab
Last adaptation to the version: 2.1.7 (01.2025)
New:
This article refers to a Resellerpreview
Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:
Security iOS
Security / VPN
Caption |
Value |
Description
|
Allow Suspend Always-On-VPN |
|
Allows the user to temporarily disable the VPN connection. If not activated manually, the VPN will resume at a time chosen by the user.
|
Allow other VPN profiles |
|
Allows adding other VPN profiles in addition to the security profile
|
Authentication required after app start (New as of 2.1. Requirement for this feature: App version 3.1) |
|
If enabled, authentication (PIN or biometric) is required when the app starts. The user must set this up.
|
Activate security |
|
To be able to use Mobile Security, the "Securepoint VPN Client" app is first installed automatically. This requires either a VPP license from the Apple Business Manager or an Apple ID on the device.
|
Protocol |
TCP |
Protocol used for VPN tunnel. TCP or UDP
|
Portfilter Type |
Open |
Filter network traffic based on network ports. All ports are open
|
Closed |
Only ports 80 (http) and 443 (https) are enabled
|
Selection |
Port filter rule selection: Specify which port collections are open for network traffic:
|
Port-Collection | Port | Protocol | Application
Administrative Tools | 21 | TCP | ftp
Administrative Tools | 3389 | TCP | ms-rdp
Administrative Tools | 23 | TCP | telnet
Administrative Tools | 5900 | TCP | vnc
Administrative Tools | 22 | TCP | ssh
Administrative Tools | 5938 | TCP/UDP | teamviewer
Communication | 3478-3481 | UDP | Skype
Communication | 49152-65535 | UDP |
Communication | 49152-65535 | TCP |
Communication | 5222 | TCP | Google Push-Notifications
Communication | 5223 | UDP |
Communication | 5228 | TCP |
VOIP | 5060 | UDP | SIP/RTP
VOIP | 7070-7089 | UDP |
VPN | 1194 | TCP | OpenVPN
VPN | 1194 | UDP |
VPN | 500 | UDP | IPSec
VPN | 4500 | UDP & ESP |
VPN | 1701 | UDP | L2TP
Mail | 25 | TCP | smtp
Mail | 587 | TCP |
Mail | 465 | TCP | smtps
Mail | 110 | TCP | pop3
Mail | 995 | TCP |
Mail | 143 | TCP | imap
Mail | 993 | TCP |
|
|
SSL interception |
Default |
Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response.
|
Content-Filter Allowlist |
Add entries |
Click box: Web pages that are to be added to an allowlist. Possible entries: Contentfilter
|
Content-Filter Blocklist |
Add entries |
Click box: Websites that are to be added to a blocklist.
|
Disable for SSIDs |
Add SSIDs |
Enter WLAN SSIDs for which the security features shall be disabled.
|
Disable for IP addresses |
Add IPs |
IP addresses or networks can be entered for which the security functions are to be deactivated, e.g. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with fewer than three digits, enter a dot or move within the mask using the cursor keys.
|
Exclude local WLAN from VPN |
|
If enabled, a route is added that excludes the local WLAN IP range from the tunnel.
|
|
 Security settings
|
|
VPN configurations
|
New as of: 1.32. Shows a list of all roadwarrior connections that are associated with this profile. New connections can be created via . Further information can be found in the following wiki article.
|
Roadwarrior: |
Alias name of the roadwarrior connection, the transfer network, the core UTM and the IPs used. Clicking the alias name redirects to the corresponding VPN configuration.
|
VPN on Demand: |
|
If enabled, this connection is started immediately when it is selected as the active connection. If the connection drops, it is restarted automatically. The user can subsequently change this setting on the device.
|
|
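Added example (not Securepoint code): a Python sketch that models the three Portfilter Type settings and the port collections listed above, so that a planned selection can be reviewed before the profile is rolled out. The function names are hypothetical; it assumes that Closed means TCP 80/443, that Selection opens only the selected collections, and it treats "UDP & ESP" as UDP.

```python
# Port collections transcribed from the table on this page.
# Assumption: "UDP & ESP" (port 4500) is modelled as UDP; ESP has no ports.
COLLECTIONS = {
    "Administrative Tools": [("21", "TCP"), ("3389", "TCP"), ("23", "TCP"),
                             ("5900", "TCP"), ("22", "TCP"), ("5938", "TCP/UDP")],
    "Communication": [("3478-3481", "UDP"), ("49152-65535", "UDP"),
                      ("49152-65535", "TCP"), ("5222", "TCP"),
                      ("5223", "UDP"), ("5228", "TCP")],
    "VOIP": [("5060", "UDP"), ("7070-7089", "UDP")],
    "VPN": [("1194", "TCP"), ("1194", "UDP"), ("500", "UDP"),
            ("4500", "UDP"), ("1701", "UDP")],
    "Mail": [("25", "TCP"), ("587", "TCP"), ("465", "TCP"), ("110", "TCP"),
             ("995", "TCP"), ("143", "TCP"), ("993", "TCP")],
}

def _rules(spec, protos):
    """Expand '3478-3481' and 'TCP/UDP' into (low, high, proto) tuples."""
    low, _, high = spec.partition("-")
    return [(int(low), int(high or low), p) for p in protos.split("/")]

def is_allowed(port, proto, filter_type, selected=()):
    """Return True if the port filter setting lets (port, proto) through."""
    proto = proto.upper()
    if not 0 < port < 65536 or proto not in ("TCP", "UDP"):
        raise ValueError(f"invalid flow {port}/{proto}")
    if filter_type == "Open":
        return True
    if filter_type == "Closed":
        # Assumption: the page names ports 80/443 only; TCP is assumed here.
        return proto == "TCP" and port in (80, 443)
    if filter_type != "Selection":
        raise ValueError(f"unknown port filter type {filter_type!r}")
    unknown = set(selected) - set(COLLECTIONS)
    if unknown:
        raise ValueError(f"unknown port collection(s): {sorted(unknown)}")
    # Assumption: only the selected collections are open in Selection mode.
    return any(lo <= port <= hi and p == proto
               for name in selected
               for spec, protos in COLLECTIONS[name]
               for lo, hi, p in _rules(spec, protos))

def exposed_by(port, proto):
    """List every collection whose selection would open (port, proto)."""
    return [n for n in COLLECTIONS if is_allowed(port, proto, "Selection", [n])]
```

Calling `exposed_by(50000, "TCP")` returns `["Communication"]`, which shows that this one collection opens the whole 49152-65535 range for both TCP and UDP.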