Mobile protection
Supported platforms
Security for Mobile supports the following types of mobile devices and operating systems:
Apple iPhones and iPad tablets (from iOS 8.1 to iOS 11)
Google Android smartphones and tablets (from version 4.0.3 to version 9)
Connectivity requirements
Mobile devices must have an active cellular data or Wi-Fi connection and connectivity with the Communication Server.
Push notifications
Security for Mobile uses push notifications to alert mobile clients when policy updates and tasks are available. Push notifications are sent by the Communication Server via the service provided by the operating system manufacturer:
Firebase Cloud Messaging (FCM) service for Android devices. For FCM to work, the following are required:
Google Play Store must be installed.
Devices running Android 4.1 or higher.
To send push notifications, a number of ports must be open.
Apple Push Notifications service (APNs) for iOS devices. For more information, refer to this Apple KB article.
You can check whether mobile push notifications are working correctly in the Mobile Push Notifications Check section in Configuration > Miscellaneous.
To learn more about GravityZone Mobile Device Management workflow, please refer to Mobile Device Management workflow.
iOS management certificates
To set up the infrastructure for iOS mobile device management, you must provide a number of security certificates.
For more information, refer to Certificates.
Configure external address for Communication Server
In the default GravityZone setup, mobile devices can be managed only when they are directly connected to the corporate network (via Wi-Fi or VPN). This happens because when enrolling mobile devices they are configured to connect to the local address of the Communication Server appliance.
To be able to manage mobile devices over the Internet, no matter where they are located, you must configure the Communication Server with a publicly reachable address.
To be able to manage mobile devices when they are not connected to the company network, you must configure port forwarding on the corporate gateway for the appliance running the Communication Server role.
The Communication Server can be configured from GravityZone CLI:
Note
The address from the above image is just an example. You must use the following syntax: https://IP/Domain:port
.