Configure TDR Host Sensor Enforcement

This topic explains how to configure TDR Host Sensor Enforcement. To understand how this feature works, see About TDR Host Sensor Enforcement.

Before You Begin

Before you configure TDR Host Sensor Enforcement, you must:

  1. Verify operating system compatibility
    TDR Host Sensor Enforcement supports Windows and macOS operating systems included in the Operating System Compatibility Matrix section of the Fireware Release Notes.
  2. Configure your TDR account
    Your Firebox must have an active TDR subscription. To configure TDR, see Quick Start — Set Up TDR.
  3. Install TDR Host Sensor
    To apply Host Sensor Enforcement to a mobile VPN device, you must install the TDR Host Sensor application on that device. You can install TDR Host Sensor manually or automatically. For more information about TDR Host Sensor installation, see Manage TDR Hosts and Host Sensors.
  4. Configure at least one mobile VPN
    The Firebox supports Host Sensor Enforcement for all mobile VPN types. For more information about mobile VPNs, see Mobile VPN Tunnels.
  5. Configure mobile VPN user groups
    To enable Host Sensor Enforcement for Windows or macOS mobile users on a network with Android or iOS mobile users, create separate mobile VPN user groups. For example:
      • Create a user group called Windows and macOS users.
      • Create a user group called Android and iOS users.

The Mobile VPN section in this topic explains how to apply Host Sensor Enforcement to user groups.

Configure TDR Host Sensor Enforcement

You must enable TDR Host Sensor Enforcement in multiple locations:

  • TDR — Host Sensor settings
  • Firebox
    • Host Sensor Enforcement settings
    • Mobile VPN settings

Configure Host Sensor Enforcement in TDR

First, enable Host Sensor Enforcement in your TDR account and generate an authentication key:

  1. Log in to your TDR account.
  2. Select Settings > Host Sensor.
  3. Turn On Host Sensor Enforcement.
  4. Specify a TDR authentication key manually or click Generate to generate a random authentication key.

Screen shot of the Host Sensor Enforcement settings in the TDR Web UI

Configure Host Sensor Enforcement on the Firebox

Next, configure Host Sensor Enforcement on the Firebox:

Configure Host Sensor Enforcement for the Mobile VPN

Next, enable Host Sensor Enforcement for one or more mobile VPN groups. You cannot enable Host Sensor Enforcement for individual mobile VPN users.

To enable Host Sensor Enforcement for Windows and macOS mobile users on a network with Android or iOS mobile users, apply Host Sensor Enforcement to separate mobile VPN user groups.

For example:

  • Windows and macOS users — Enable Host Sensor Enforcement for this group.
  • Android and iOS users — Keep Host Sensor Enforcement disabled for this group.
  • IKEv2-Users — Keep Host Sensor Enforcement disabled for this default VPN group.

If you select the Select check box for a group, the Firebox adds that group to the default group (IKEv2-Users, SSLVPN-Users, L2TP-Users, or IPSec-Users). If you enable Host Sensor Enforcement for only some groups that are part of the default group, keep enforcement disabled for the default group.

For a user who belongs to multiple mobile VPN groups, enforcement applies to that user if:

  • The mobile VPN groups are all part of the same mobile VPN configuration, and
  • You enable Host Sensor Enforcement for only some of those groups.

For example, if a user belongs to two Mobile VPN with IKEv2 groups, but you enable enforcement for only one of those groups, enforcement applies to that user.

For a user who belongs to multiple groups that are part of different mobile VPN configurations, if Host Sensor Enforcement is enabled for only some of the groups, enforcement applies to that user for only some types of mobile VPN connections. For example:

  • If a user is part of the IKEv2-Users and SSLVPN-Users groups, and you enable enforcement only for IKEv2-Users, enforcement applies to that user only for Mobile VPN with IKEv2 connections.
  • Enforcement does not apply to that user for Mobile VPN with SSL connections.
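
The group rules above can be checked against a planned group layout before you change the Firebox. The following Python sketch is an added example, not WatchGuard code or a Firebox API: the Group record, the function names and the user names are hypothetical, and the plan is entered by hand rather than read from the device.

```python
from dataclasses import dataclass

# Default mobile VPN groups named on this page, keyed by VPN type.
DEFAULT_GROUPS = {"IKEv2": "IKEv2-Users", "SSL": "SSLVPN-Users",
                  "L2TP": "L2TP-Users", "IPSec": "IPSec-Users"}

@dataclass(frozen=True)
class Group:
    name: str
    vpn_type: str   # one of the DEFAULT_GROUPS keys
    enforced: bool  # Host Sensor Enforcement enabled for this group

def enforced_vpn_types(member_of, groups):
    """VPN types where one enforced group makes enforcement apply to the user."""
    by_name = {g.name: g for g in groups}
    return {by_name[n].vpn_type for n in member_of if by_name[n].enforced}

def audit(groups, users, exempt_users):
    """Return findings where the plan deviates from the guidance above."""
    findings = []
    for vpn_type, default_name in DEFAULT_GROUPS.items():
        in_type = [g for g in groups if g.vpn_type == vpn_type]
        custom = [g for g in in_type if g.name != default_name]
        default_on = any(g.enforced for g in in_type if g.name == default_name)
        # Only some custom groups enforced: the default group must stay off.
        if default_on and len({g.enforced for g in custom}) == 2:
            findings.append(f"{default_name}: enforced while only some "
                            f"{vpn_type} groups are enforced")
    for user in sorted(exempt_users):
        for vpn_type in sorted(enforced_vpn_types(users[user], groups)):
            findings.append(f"{user}: enforcement applies on {vpn_type}")
    return findings

# Constructed sample plan: group names from the example above, users invented.
GROUPS = [
    Group("IKEv2-Users", "IKEv2", False),
    Group("Windows and macOS users", "IKEv2", True),
    Group("Android and iOS users", "IKEv2", False),
    Group("SSLVPN-Users", "SSL", False),
]
USERS = {
    "alice": ["Windows and macOS users", "SSLVPN-Users"],
    "bob": ["Android and iOS users", "Windows and macOS users"],
    "carol": ["Android and iOS users"],
}

if __name__ == "__main__":
    for line in audit(GROUPS, USERS, exempt_users={"bob", "carol"}):
        print(line)
```

Here bob is flagged because one of his two IKEv2 groups has enforcement enabled, while alice is subject to enforcement on IKEv2 connections only.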

Mobile VPN with IKEv2:

Mobile VPN with L2TP:

Mobile VPN with SSL:

Mobile VPN with IPSec:

See Also

Troubleshoot TDR Host Sensor Enforcement

About TDR Host Sensor Enforcement

About TDR

Quick Start — Set Up TDR

Enable TDR on Your Firebox