Contents

Configure Mobile Security Device Compliance

In the Mobile Security configuration, on the Device Compliance tab, you configure the compliance settings for Android and iOS devices, and configure how Mobile Security sets the compliance status for mobile devices that reconnect.

Before you configure Mobile Security device compliance, you must Enable Mobile Security.

Configure Device Compliance Settings for Android Devices

When you configure the Device Compliance settings for Android devices, you can specify which OS version are compliant . You can also choose whether to allow devices that are rooted, devices that have USB debugging enabled, or devices that allow installation of applications from unknown sources. You can also specify whether to allow connections from devices that have potentially insecure applications installed.

When mobile devices use FireClient to connect to your network, FireClient downloads the compliance settings you specified and uses them to assess whether the mobile device is compliant.

When Mobile Security is configured to not allow application types that are Malware or Adware/Riskware, an Android device is not compliant if it contains installed applications or APK (Android application package) files categorized as malware, adware, or riskware. FireClient can detect APK files within compressed archive files such as .zip. gz, rar, and .jar files.

Configure Device Compliance Settings for iOS Devices

When you configure the Device Compliance settings for iOS devices, you can specify which OS versions are compliant, and choose whether or not to allow connections to your network from devices that are jailbroken.

Configure Reconnection Settings

You can specify how Mobile Security sets the compliance status for mobile clients that reconnect to the network. Mobile Security has two options for how to manage clients that disconnect and reconnect.

Set device compliance status to Unknown until the compliance check has been completed

If a mobile device disconnects and reconnects, FireClient sets the device compliance status to Unknown. When the mobile device reconnects, FireClient completes a new compliance check and sends the result to the Firebox. While the compliance status is Unknown, traffic from that client is dropped.

This is the most aggressive compliance check option, and is selected by default.

Keep the previous compliance status if the client reconnects before the grace period expires.

If a mobile device reconnects within the specified grace period, FireClient sends the result of the most recent compliance check to the Firebox and starts a new compliance check. When the new compliance check is complete, FireClient sends the result to the Firebox. If the mobile device reconnects after the specified grace period has expired, FireClient completes a new compliance check and sends that result to the Firebox.

Select this option to reduce dropped traffic for clients that reconnect. If you choose this option, you can specify the grace period. The default grace period is 3600 seconds (1 hour).

See Also

Configure Mobile Security Enforcement

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search