Jump to:navigation, search
Wiki

Security / VPN configuration

From Securepoint Wiki





























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden








{{var | Auswahl MobSec und Cloud Shield | * Falls Sicherheit aktivieren aktiv    ist, kann Cloud Shield bei Cloud Shield (Link zum Wiki-Artikel) solange nicht aktiviert werden

  • Falls Cloud Shield bei Cloud Shield aktiviert wird, wird automatisch Sicherheit aktivieren deaktiviert und lässt sich solange nicht aktivieren
  • Bei Profilen, welche vor Version 2.3 angelegt wurden sind und bei denen Sicherheit aktivieren und Cloud Shield aktiv sind, werden diese Schaltflächen als inaktiv dargestellt
    Kann gelöst werden, wenn unter Anwendungen eine der beiden Apps entfernt wird

| * If Activate security is active   , Cloud Shield can be activated at Cloud Shield (Link to wiki article) until not activated

  • If ‘'Cloud Shield’' is activated at Cloud Shield, ‘'Activate security’' is automatically deactivated and cannot be activated until ‘’'not'‘’' activated
  • For profiles that were created before version 2.3 and where Activate security and Cloud Shield are active, these buttons are displayed as inactive
    Can be solved if one of the two apps is removed under Applications}














Profile configuration the Security / VPN tab

Last adaptation to the version: 2.12(12.2025)

New:
notempty
This article refers to a Beta version
Access: portal.securepoint.cloud  Mobile Security iOS/iPadOS Profile  Tab Security / VPN

Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:



Security iOS

Security / VPN


In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden




























Caption Value Description
Allow Suspend Always-On-VPN   
  • Allows the user to temporary disable the VPN-Connection
  • If not activated manually, the VPN will resume at a time chosen by the user
Allow other VPN profiles   
  • Allows adding other VPN profiles in addition to the security profile
Authentication required after app start notempty
New as of 2.1
  • Requirement for this feature: App version 3.1
    		•    
    • If activated, authentication (PIN or biometric) is required when starting the app
    • This must be set by the user
    Activate security
    		  
    • To be able to use Mobile Security, the Securepoint VPN Client app is first installed automatically
    • This requires either a VPP license from the Apple Business Manager or an Apple ID on the device
      • notempty
        New as of: 2.12
         A corresponding message will be displayed if no VPP license is available: To use the Security / VPN feature, you need a VPP license for the Securepoint VPn Client app from Apple Business Manager
    • If Cloud Shield    is active, security cannot be enabled at the same time
      notempty
      New as of: 2.3
    Protocol TCP
    • Protocol used for VPN tunnel: TCP or UDP
    Portfilter Type Open
    • Filter network traffic based on network ports:
    • all ports are open
    Closed
    • Only port 80 (http) and 443 (https) are enabled
    Selection
    • Port filter rule selection: Specify which port collections are open for network traffic:





    Port-Collection Port Protocol Application
    Administrative Tools 21 TCP ftp
    3389 TCP ms-rdp
    23 TCP telnet
    5900 TCP vnc
    22 TCP ssh
    5938 TCP/UDP teamviewer
    Communication 3478-3481 UDP Skype
    49152-65535 UDP
    49152-65535 TCP
    5222 TCP Google Push-Notifications
    5223 UDP
    5228 TCP
    VOIP 5060 UDP SIP/RTP
    7070-7089 UDP
    VPN 1194 TCP OpenVPN
    1194 UDP
    500 UDP IPSec
    4500 UDP & ESP
    1701 UDP L2TP
    Mail 25 TCP smtp
    587 TCP
    465 TCP smtps
    110 TCP pop3
    995 TCP
    143 TCP imap
    993 TCP
    SSL interception Default
    • Defines whether or not to intercept SSL traffic
    • The default value is to intercept traffic based on content filter response
    Content-Filter Allowlist Add entries
    • Click box: Web pages that are to be added to a allowlist
    • Possible entries: Contentfilter
    Content-Filter Blocklist Add entries
    • Click box: Websites that are to be added to a blocklist
    Disable for SSIDs Add SSIDs
    • Enter WLAN SSIDs for which the security features shall be disabled
    Disable for IP addresses Add IPs
    • IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24
    • For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys
    Exclude local WLAN from VPN   
    • If enabled, a route is added that excludes the local WLAN IP range from the tunnel
    Security settings
    VPN-Configurations
    notempty
    New as of: 1.32

    Shows a list of all Roadwarrior connections that are connected to this profile.
    New connections can be created via  Unified Network Console VPN Configurations .
    For more information, see the following wiki article.
    Roadwarrior: Alias name of the roadwarrior connection, the transfer network, the core UTM and the IPs used.
    Clicking on the alias name redirects to the corresponding VPN configuration.
    VPN on Demand:    If    is activated, this connection is started immediately if it is selected as the active connection.
    If the connection is interrupted, it is automatically restarted.
    This setting can be changed on the device by the user afterwards.
    Retrieved from "https://wiki.securepoint.de/index.php?title=MS/deployment/profile/sicherheit&oldid=99778"