Profile configuration the Security tab
Last adaption: 11.2022
notemptyThis article refers to a Resellerpreview
Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:
Security iOS
Security
Numerous settings are configured, that control the security of web applications.
Configuration by clicking on Activate security
Operation |
Default |
Description
|
Protocol |
TCP |
Protocol used for VPN tunnel. TCP or UDP
|
Portfilter Type |
Open |
Filter network traffic based on network ports.all ports are open
|
Closed |
Only port 80 (http) and 443 (https) are enabled.
|
Selection |
Port filter rule selection: Specify which port collections are open for network traffic:
|
Port-Collection |
Port |
Protocol |
Application
|
✕ Administrative Tools |
21 |
TCP |
ftp
|
3389 |
TCP |
ms-rdp
|
23 |
TCP |
telnet
|
5900 |
TCP |
vnc
|
22 |
TCP |
ssh
|
5938 |
TCP/UDP |
teamviewer
|
✕ Communication |
3478-3481 |
UDP |
Skype
|
49152-65535 |
UDP
|
49152-65535 |
TCP
|
5222 |
TCP |
Google Push-Notifications
|
5223 |
UDP
|
5228 |
TCP
|
✕ VOIP |
5060 |
UDP |
SIP/RTP
|
7070-7089 |
UDP
|
✕ VPN |
1194 |
TCP |
OpenVPN
|
1194 |
UDP
|
500 |
UDP |
IPSec
|
4500 |
UDP & ESP
|
1701 |
UDP |
L2TP
|
✕ Mail |
25 |
TCP |
smtp
|
587 |
TCP
|
465 |
TCP |
smtps
|
110 |
TCP |
pop3
|
995 |
TCP
|
143 |
TCP |
imap
|
993 |
TCP
|
|
|
SSL interception |
Default |
Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response.
|
Content-Filter Allowlist |
Add entries |
Click box: Web pages that are to be added to a allowlist. Possible entries: Contentfilter
|
Content-Filter Blocklist |
Add entries |
Click box: Websites that are to be added to a blocklist.
|
Disable for SSIDs |
Add SSIDs |
Enter WLAN SSIDs for which the security features shall be disabled.
|
Disable for IP addresses |
Add IPs |
IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys.
|
Allow Suspend Always-On-VPN |
|
Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user. | Appconfiguration |
Allow other VPN profiles |
|
Allows adding other VPN profiles in addition to the security profile
|
Exclude local WLAN from VPN |
|
If enabled, a route is added that excludes the local WLAN IP range from the tunnel.
|
|
Security settings
|
|