Use Device Groups in Policies and Aliases

Mobile Security enables you to block traffic from Android and iOS devices that are not compliant with the compliance settings you specify for your network. To control traffic to and from Android and iOS devices, you can also use Device Groups in policies and aliases. Mobile Security must be enabled on the Firebox for it to identify Android and iOS devices and add Device Groups in policies.

Mobile Security is only available for Firebox M and T Series, FireboxV, and XTMv models.

Your Firebox has three predefined Device Groups for mobile devices.

  • Any-iOS — All iOS devices
  • Any-Android — All Android devices
  • Any-Mobile — All iOS and Android devices

Mobile devices are added to these Device Groups dynamically as the mobile devices connect to your network. You cannot edit these Device Groups and you cannot see a list of members. You can see which Device Groups each mobile device is a member of from the Mobile Security and Network Discovery Dashboard pages in Fireware Web UI. For more information, go to Mobile Security and Network Discovery.

Use a Device Group in a Policy

  1. Select Firewall > Firewall Policies.
  2. Add or edit a policy.
  3. In the policy From or To section, click Add.
    The Add Member dialog box appears.

Screen shot of the Add Member dialog box with Device Group selected

  1. From the Member Type drop-down list, select Device Group.
    A list of Device Groups appears.
  2. From the Member Type list, select an option:
    • Any-Mobile
    • Any-iOS
    • Any-Android
  3. Click OK.
    The Device Group is added to the policy.
  4. Click Save.
  1. Add or edit a policy.
  2. In the policy From or To section, click Add.
    The Add Address dialog box appears.
  3. Click Add Other.
    The Add Member dialog box appears.
  4. From the Choose Type drop-down list, select Device Group.

Screen shot of the Add Member dialog box with Device Group selected

  1. From the Group drop-down list, select an option:
    • Any-Mobile
    • Any-iOS
    • Any-Android
  2. Click OK.
    The Device Group is added to the Selected Members and Addresses list.
  3. Click OK.
    The device group is added to the policy.

Add a Device Group as a Member of an Alias

You can also add a Device Group as a member of an alias, and then specify that alias in policies on your Firebox.

  1. Select Firewall > Aliases.
  2. Add or edit an alias.
  3. In the Alias Members list, click Add.
    The Add Member dialog box appears.

Screen shot of the Add Member dialog box with Device Group selected

  1. From the Member Type drop-down list, select Device Group.
    A list of Device Groups appears.
  2. From the Member Type list, select an option:
    • Any-Mobile
    • Any-iOS
    • Any-Android
  3. Click OK.
    The Device Group is added to the alias.
  4. Click Save.
  1. Select Setup > Aliases.
    The Aliases dialog box appears.
  2. Add or edit an alias.
    The Add Alias or Edit Alias dialog box appears.
  3. Click Add.
    The Add Member dialog box appears.
  4. From the Choose Type drop-down list, select Device Group.
    The Add Member dialog box appears.

Screen shot of the Add Member dialog box with Device Group selected

  1. From the Group drop-down list, select an option:
    • Any-Mobile
    • Any-iOS
    • Any-Android
  2. Click OK.
    The Device Group is added to the alias.

Related Topics

About Aliases

About Mobile Security