Page tree


When applying security policies to multiple BloxOne Endpoint devices, you can make the process more efficient by organizing the endpoint devices into BloxOne Endpoint groups, and then add the groups to the network scope when you create a security policy. Note that BloxOne comes with a default endpoint group called All BloxOne Endpoints (default) that is associated with the default global policy. You can assign an endpoint to an existing custom endpoint group at the time of its installation, thus bypassing its default assignment to the All BloxOne Endpoints group. You cannot modify or remove the default endpoint group. An endpoint group can have up to 250,000 endpoints assigned to it. 

An endpoint can be assigned to an existing custom endpoint group rather than being assigned to the default endpoint group at the time it is installed. Metadata indicating the name of the custom endpoint group to which the newly installed endpoint has been assigned can be viewed in the endpoint service logs.

To create BloxOne Endpoint groups, complete the following:

  1. From the Cloud Services Portal, click Manage -> Endpoints.
  2. On the Endpoints page, select the Endpoint Groups tab, and then click the Create button.
  3. On the Create Endpoint Group page, complete the following:
    • Endpoint Group Name: This is a required field. Enter a name for the BloxOne Endpoint group. Ensure that you enter a unique name for each endpoint group.
    • Description: Enter a brief description about the group.
    • Associated Policy: This field displays the associate security policy when you add the group to the policy. It shows Default Global Policy by default.
    • State: Endpoint group state is set to disabled by default. Toggle the switch to the right to Enable Endpoints.  
    • Internal Domains List:
      • To add an internal domains list to an Endpoint Group, complete the following:
        • Click the Add button to call up the list of available internal domains.
        • From the Select List under the NAME column, choose an internal domains list to add it to the endpoint group.
        • For information on using internal domains lists with an endpoint group, see Adding Internal Domains to an Endpoint Group.
    • Bypass Mode: By enabling BloxOne Endpoint bypass mode for a BloxOne Endpoint group, you can define your own domain and response for On-Prem DNS service protected by DNS Firewall. For information on enabling bypass mode see BloxOne Endpoint Bypass Mode. To enable Bypass Mode for an endpoint group, complete the following:
      • State: Toggle the State switch to Enable from the default disable state to enable bypass mode for the endpoint group.
      • Internal Domains List: Click Add to select an add an internal domains list from the Select List options.
      • FQDN: Use the default FQDN or a custom FQDN.
      • TXT Record: Use the default TXT Record or a custom TXT record by clicking Generate random TXT record.
      • Management Passwords: You can use a management password to protect BloxOne Endpoints from unauthorized interference by increasing control and security for your endpoint groups. Password protection prohibits actions such as the unsanctioned uninstallation of an endpoint group or unauthorized service stoppage. If an attempt is made to disable or stop BloxOne Endpoint service without administrative permission, then a message will be displayed requesting a password in order to proceed. You can also choose to disable password management entirely by toggling the State switch to the disabled position.
        To create a management password for the endpoint group, add your password to the Management Password field. Alternatively, you can click Generate random password to use a system generated password. Remember to save the password elsewhere since once the password is saved, it cannot be viewed in the Cloud Services Portal again. The management password must contain a minimum of 8 characters including one uppercase letter, one lower case letter, one numeral, and one special character. Do note that the management password is required to disable or stop BloxOne Endpoint service or to uninstall BloxOne Endpoint. 

NOTE: To reset a password, disable password management by toggling the State switch to the disabled position and save the configuration. Now you can go in and apply a new management password and save the configuration.  

To reset a password, disable password management and save the configuration. Now you can go in and apply a new management password.   

  1. Click Save & Close to create the endpoint group.

For information on moving a BloxOne endpoint to an endpoints group. see Moving a BloxOne Endpoint to an Endpoint Group.

To view addition information on endpoint groups, see the following:

  • No labels

This page has no comments.