Profile configuration the Security tab
Last adaption: 11.2022
notemptyThis article refers to a Resellerpreview
Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:
Security iOS
Security
|
Numerous settings are configured, that control the security of web applications.
Configuration by clicking on Activate security
| Operation |
Default |
Description
|
| Protocol |
TCP |
Protocol used for VPN tunnel. TCP or UDP
|
| Portfilter Type |
Open |
Filter network traffic based on network ports.all ports are open
|
| Closed |
Only port 80 (http) and 443 (https) are enabled.
|
| Selection |
Port filter rule selection: Specify which port collections are open for network traffic:
|
|
| Port-Collection |
Port |
Protocol |
Application
|
| ✕ Administrative Tools |
21 |
TCP |
ftp
|
| 3389 |
TCP |
ms-rdp
|
| 23 |
TCP |
telnet
|
| 5900 |
TCP |
vnc
|
| 22 |
TCP |
ssh
|
| 5938 |
TCP/UDP |
teamviewer
|
| ✕ Communication |
3478-3481 |
UDP |
Skype
|
| 49152-65535 |
UDP
|
| 49152-65535 |
TCP
|
| 5222 |
TCP |
Google Push-Notifications
|
| 5223 |
UDP
|
| 5228 |
TCP
|
| ✕ VOIP |
5060 |
UDP |
SIP/RTP
|
| 7070-7089 |
UDP
|
| ✕ VPN |
1194 |
TCP |
OpenVPN
|
| 1194 |
UDP
|
| 500 |
UDP |
IPSec
|
| 4500 |
UDP & ESP
|
| 1701 |
UDP |
L2TP
|
| ✕ Mail |
25 |
TCP |
smtp
|
| 587 |
TCP
|
| 465 |
TCP |
smtps
|
| 110 |
TCP |
pop3
|
| 995 |
TCP
|
| 143 |
TCP |
imap
|
| 993 |
TCP
|
|
|
| SSL interception |
Default |
Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response.
|
| Content-Filter Allowlist |
Add entries |
Click box: Web pages that are to be added to a allowlist. Possible entries: Contentfilter
|
| Content-Filter Blocklist |
Add entries |
Click box: Websites that are to be added to a blocklist.
|
| Disable for SSIDs |
Add SSIDs |
Enter WLAN SSIDs for which the security features shall be disabled.
|
| Disable for IP addresses |
Add IPs |
IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys.
|
| Allow Suspend Always-On-VPN |
|
Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user. |
Appconfiguration |
| Allow other VPN profiles |
|
Allows adding other VPN profiles in addition to the security profile
|
| Exclude local WLAN from VPN |
|
If enabled, a route is added that excludes the local WLAN IP range from the tunnel.
|
|
 Security settings
|
|
|
