Mobile protection

Supported platforms

Security for Mobile supports the following types of mobile devices and operating systems:

  • Apple iPhones and iPad tablets (from iOS 8.1 to iOS 11)

  • Google Android smartphones and tablets (from version 4.0.3 to version 9)

Connectivity requirements

Mobile devices must have an active cellular data or Wi-Fi connection and connectivity with the communication server appliance.

Push notifications

Security for Mobile uses push notifications to alert mobile clients when policy updates and tasks are available. Push notifications are sent by the communication server appliance via the service provided by the operating system manufacturer:

  • Firebase Cloud Messaging (FCM) service for Android devices. For FCM to work, the following are required:

    • Google Play Store must be installed.

    • Devices running Android 4.1 or higher.

    • To send push notifications, a number of ports must be open.

  • Apple Push Notifications service (APNs) for iOS devices. For more information, refer to this Apple KB article.

You can check whether mobile push notifications are working correctly in the Mobile Push Notifications Check section in Configuration > Miscellaneous.

To learn more about the GravityZone Mobile Device Management workflow, refer to Mobile Device Management workflow.

iOS management certificates

To set up the infrastructure for iOS mobile device management, you must provide a number of security certificates.

For more information, refer to Certificates.

Configure external address for the communication server appliance

In the default GravityZone setup, mobile devices can be managed only when they are directly connected to the corporate network (via Wi-Fi or VPN). This is because, at enrollment, mobile devices are configured to connect to the local address of the communication server appliance.

To be able to manage mobile devices over the Internet, no matter where they are located, you must configure the communication server appliance with a publicly reachable address.

To be able to manage mobile devices when they are not connected to the company network, you must configure port forwarding on the corporate gateway for the appliance running the Endpoint Communication Server and Endpoint Events Processing Server roles.

The communication server appliance can be configured from GravityZone CLI:

[Screenshots of the GravityZone CLI configuration: 8134_1.png, 8134_2.png, 8134_3.png]

Note

The address in the above image is just an example. You must use the following syntax: https://IP/Domain:port, that is, the IP address or domain name of the appliance followed by the port.