Page tree

Contents

When applying security policies to multiple BloxOne Endpoint devices, you can make the process more efficient by organizing the endpoint devices into BloxOne Endpoint groups, and then add the groups to the network scope when you create a security policy. Note that BloxOne comes with a default endpoint group called All BloxOne Endpoints (default) that is associated with the default global policy. You can assign an endpoint to an existing custom endpoint group at the time of its installation, thus bypassing its default assignment to the All BloxOne Endpoints group. BloxOne Endpoint can authenticate access by using a third-party identify provider (IdP) to enforce security policies within an endpoint group. You cannot modify or remove the default endpoint group. An endpoint group can have up to 250,000 endpoints assigned to it. 

An endpoint can be assigned to an existing custom endpoint group rather than being assigned to the default endpoint group at the time it is installed. Metadata indicating the name of the custom endpoint group to which the newly installed endpoint has been assigned can be viewed in the endpoint service logs.

To create BloxOne Endpoint groups, complete the following:

  1. From the Cloud Services Portal, click Manage > Endpoints.
  2. On the Endpoints page, select the Endpoint Groups tab, and then click the Create button.
  3. On the Create Endpoint Group page, complete the following:
    • Endpoint Group Name (required): This is a required field. Enter a name for the BloxOne Endpoint group. Ensure that you enter a unique name for each endpoint group.
    • Description: Enter a brief description about the group.
    • Associated Policy: This field displays the associate security policy when you add the group to the policy. It shows Default Global Policy by default.
    • State: Endpoint group state is set to disabled by default. Toggle the switch to the right to Enable Endpoints.  
    • Automatically remove endpoints after a period of inactivity: To automatically remove endpoints due to inactivity, enter a value from 1 to 180. If you specify 0, automatic removal will be disabled. If you specify 180, BloxOne Endpoint will monitor the status of inactive endpoints for 180 days and then remove the remaining inactive endpoints.   
    • Authentication Settings:
      • Session TTL: Specify the period of time the session is to persist. The default is 8 hours. 
      • Authentication Server Port: Specify the server port that will be used to authenticate the endpoint group. The default port is 9094.
      • Authentication Profile: Click Select Authentication Profile to enable authentication. select an authentication profile from the list of profiles available for use with the endpoint group. The available authentication protocols are SAML and OpenID Connect. For more information, see Adding an Authentication Profile to an Endpoint Group to Enforce a Security Policy.
    • Internal Domains List:
      • To add an internal domains list to an Endpoint Group, complete the following:
        • Click the Add button to call up the list of available internal domains.
        • From the Select List under the NAME column, choose an internal domains list to add it to the endpoint group.
        • For information on using internal domains lists with an endpoint group, see Adding Internal Domains to an Endpoint Group.
    • Bypass Mode: By enabling BloxOne Endpoint bypass mode for a BloxOne Endpoint group, you can define your own domain and response for On-Prem DNS service protected by DNS Firewall. For information on enabling bypass mode see BloxOne Endpoint Bypass Mode. To enable Bypass Mode for an endpoint group, complete the following:
      • State: Toggle the State switch to Enable from the default disable state to enable bypass mode for the endpoint group.
      • Internal Domains List: Click Add to select an add an internal domains list from the Select List options.
      • FQDN: Use the default FQDN or a custom FQDN.
      • TXT Record: Use the default TXT Record or a custom TXT record by clicking Generate random TXT record.
    • Management PasswordsBy enabling BloxOne Management Passwords for a BloxOne Endpoint group, you can protect your endpoint group configuration from unapproved changes. To enable the management of passwords for an endpoint group, complete the following:

      • State: Toggle the State switch to Enable from the default disable state to enable password management for the endpoint group.
      • Management Password: Add a password to your endpoint group configuration. The password must be used to gain access to the end point group configuration in order to make changes to the existing configuration. Alternatively, you can click Generate random password to use a system generated password. in all cases, remember to save the password elsewhere since once the password is saved, it cannot be viewed in the Cloud Services Portal again. The management password must contain a minimum of 8 characters including one uppercase letter, one lower case letter, one numeral, and one special character. Do note that the management password is required to disable or stop BloxOne Endpoint service or to uninstall BloxOne Endpoint. 

        NOTE: To reset a password, disable password management by toggling the State switch to the disabled position and save the configuration. Now you can go in and apply a new management password and resave the configuration.

    • Schedule Updates: You can update endpoint groups automatically or defer updates from 1 to 30 days. Deferring can be useful when you want to validate the release of a new endpoint on a few devices prior to updating the endpoint for all users on your network. To schedule an update, specify the following:
      • Automatic Updates: Select this option to have updates installed automatically.
      • Schedule Updates: Select this option to manually choose the day, time, and duration for updates.
        • Day & Time: Schedule a day and time for updates. 
        • Duration: Specify the period of time the system will attempt to perform an update. Select 4 to 10 hours, in one-hour increments. 
      • Defer Updates: Toggle the Disable/Enable switch. You can choose to defer updates for up to four weeks. This option is available only for endpoint groups where automatic updates are enabled. 

4. Click Save to save the current configuration and proceed to the next configuration screen, or click Save & Close to complete the endpoint group creation process. 

For information on moving a BloxOne endpoint to an endpoints group. see Moving a BloxOne Endpoint to an Endpoint Group.

To view addition information on endpoint groups, see the following:


  • No labels

This page has no comments.