WatchGuard FireClient for Android
Together, WatchGuard FireClient and your WatchGuard Mobile Security subscription make sure that only mobile devices that meet minimum approved standards can get access to your network through Wi-Fi or a VPN connection. Before your mobile device is allowed to join the network, FireClient verifies that your device is not infected with malware, verifies the minimum OS version is installed on your device, and confirms that your device has not been rooted.
These instructions are also available in the WatchGuard Knowledge Base article Use WatchGuard FireClient for Android.
Before You Begin
FireClient is supported on Android 4.1 and higher. You must install the FireClient app from the Google Play store before you connect to a network that requires it.
To use FireClient on a network, you must have this information:
- The name or IP address of the server that FireClient connects to
- A user name and password to authenticate to the network
Your network administrator can enable one or more of these authentication servers to be used for authentication: a RADIUS server, an Active Directory server, or the Firebox. If your network supports more than one type of authentication, it might be necessary for you to include the authentication server or domain name with your user name in FireClient. If this is required, you must specify your user name in this format:
For example, if your user name is j_smith:
- Firebox — Firebox-DB\j_smith
- Active Directory server (ad1_example.com) — ad1_example.com\j_smith
- RADIUS server — radius\j_smith
Your administrator should provide the authentication credentials you must use for FireClient connections to your network.
You must use FireClient to check your mobile device for compliance each time you connect to a network that requires it.
- Use Wi-Fi or a VPN client to connect your mobile device to the network.
- Launch the FireClient app.
The Connect page appears.
- Type the server name or IP address, and tap Connect.
The Login page appears. Login is not required if you use a VPN to connect.
- Type your user name and password for this network.
- To enable FireClient to remember your user name the next time you log in, select the Remember username check box.
- Tap Login.
- If a Device Authorization Agreement appears, review it, and tap Accept.
FireClient checks mobile device for compliance and shows the connection and compliance status.
After you log in, FireClient shows the compliance status:
- Compliant — Your mobile device complies with the security requirements and is allowed to use this network. For your device to remain compliant, do not close FireClient while you are connected to the network.
- Unknown — This status appears while the compliance check is in progress. If you see this status when a compliance check is not in progress, verify that your device is connected to Wi-Fi or has a VPN connection to the network that requires FireClient.
- Not Compliant — Your mobile device does not comply with security requirements and cannot use this network.
If your device is not compliant, the reason appears in FireClient. Possible reasons include:
- OS version not allowed — This network does not allow the OS version installed on your mobile device. Tap the reason message to see the currently installed OS version and the allowed OS versions. You must upgrade your mobile device to an allowed version to use this network.
- Your device is rooted — Rooted mobile devices are not allowed on this network. You must unroot the device to use this network.
- Your device allows applications from unknown sources — This network does not allow connections from a mobile device that allows applications from unknown sources. Tap the reason message in FireClient to go to the Android Settings page where you can disable application installation from unknown sources.
- USB debugging is enabled — This network does not allow connections from an Android device that has USB debugging enabled. Tap the reason message in FireClient to go to the Android Settings page where you can disable USB debugging.
- An application threat was found — FireClient found an installed application or application installation (APK) file that is categorized as malware, riskware, or adware. Tap the reason message to see and remove the app or file that is not compliant.
If the compliance status is not Compliant, your mobile device cannot connect to network resources or the Internet.
If your mobile device is not compliant, resolve the reported issue. You can then tap Recheck to run the compliance check again.
To end your FireClient session, or to reconnect as a different user, tap Logout.
More about the FireClient App
To select a page in FireClient, tap an icon at the top of FireClient.
The navigation icons, from left to right, are:
- FireClient — The home page that shows the connection and compliance status
- Information— Shows details about your connection and mobile device
- Diagnostics — Shows FireClient log messages
- About — Shows information about the FireClient app
The Home page is always selected after you authenticate.
The Information page shows details about your connection and device. The Connection information section includes the server IP address, your user name, and when you logged in. The Device information section includes information about your mobile device, the last compliance status for the device, and the IP address assigned to your device.
FireClient saves log messages to a text file in the FireClient folder on your mobile device. You can see the log file on the Diagnostics page in FireClient. If FireClient has an error, your administrator could ask you to send a copy of the log file.
To see the FireClient log file:
- Tap the Diagnostics icon.
The Diagnosis page appears.
- Tap Log.
The Log page appears.
- To send or share the log file, tap the icon at the top-right corner.
A list of available options to share the log file appears.
- Tap an option to select it.
The options depend on your mobile device and which apps are installed. For example, you could use email, messaging, or the clipboard to send or copy the log file.
- To specify when to use an option, tap Just Once to use this option only one time, or tap Always to use this option to share the log file in the future.
The selected application opens.Tip!If you tap Always, FireClient sets the selected app as the default app to send the log file in the future. To clear this default, you must clear the Launch by Default setting for the selected app in the settings on your Android device.
- Use the selected option to send, copy, or share the log file with your network administrator.
FireClient Device Protection
After FireClient has confirmed your mobile device is compliant, FireClient periodically scans your device for new application threats. If an application is found that is not compliant, FireClient asks you to remove it so your device can remain compliant.
For your device to remain compliant, do not close FireClient while you are connected to the network.