BloxOne Mobile Endpoint

Infoblox BloxOne Mobile Endpoint is a lightweight mobile cloud service for sending queries over an encrypted channel. Mobile Endpoint provides visibility into infected and compromised devices (including Android and iOS), prevents DNS-based data exfiltration and other forms of DNS tunneling, and impedes device communications with botnets and their command-and-control infrastructure.

To enable end users to connect to Infoblox cloud services, you must download and install the Endpoint client on their devices. The client enforces security policies that you apply to the remote networks, regardless of where the end users are and which networks they are connected to. Note that BloxOne Mobile Endpoint is incompatible with other VPNs.

With BloxOne Mobile Endpoint, all DNS queries other than those that target the bypassed domains and internal domains collected through the DHCP server are sent to BloxOne Threat Defense Cloud directly. If you have internal domains that are served by your local DNS servers, and if you want to reach them without interruptions, then consider adding them to the list of bypassed internal domains, to ensure that DNS queries for these internal domains are sent to the local DNS servers instead of BloxOne Threat Defense Cloud.

BloxOne Mobile Endpoint supports IPv4 DNS configurations, thereby protecting all devices, regardless of their network environments. This means roaming clients will be protected in different networking environments. When connected to a network, mobile endpoint can communicate with BloxOne Threat Defense Cloud by using both protocols. Mobile endpoint is able to proxy IPv4 DNS queries and forward them to BloxOne Threat Defense Cloud.

On the Viewing Endpoint Groups page, you can click Manage MDM to display the Mobile Device Management (MDM) page. On the Mobile Device Management (MDM) page, you can download the configuration file for Android or Apple iOS devices. 

BloxOne Mobile Endpoint Management also offers the following support features to assist in managing MDM on user devices:   

Integration with Logs

Integration with logs allows for the sending of log files directly to the Cloud. If desired, a device user can still choose to email logs to a list of recipients in addition to sending them to the Cloud or instead of sending them to the Cloud. 

Multiple Anycast IP Support

In a scenario where the primary server fails, Healthcheck will send IP requests to the next best Anycast server. This condition will persist until the primary Anycast server resumes functionality, at which time IP requests will once again be submitted through the primary server.

Automatic Reestablishment of Mobile Endpoint Protection

If a device user manually turns off mobile endpoint protection for the device and then neglects to manually turn it back on, then mobile endpoint protection will automatically be reestablished after 30 minutes of non-use.


Configuring Mobile Endpoint MDM in the Cloud Services Portal

To configure Mobile Endpoint for MDM solutions, complete the following:

  1. From the Cloud Services Portal, click Manage > Endpoints.
  2. On the Endpoints page, click the Endpoint Groups tab.
  3. On the Endpoint Groups page, click Download MDM Configuration.
  4. On the Mobile Device Management page, download the configuration file for your device:
    • For an Android device, click Download Android Config File.
    • For an Apple device, click Download IOS Config File.
    • For a Chrome device, click Download Chrome Config File. Chrome OS versions 90 and above are supported.
  5. Click Close once your device configuration file has been downloaded.
  6. The configuration file contains the following information that you can use when configuring MDM:
    • customerId: The ID generated by the Cloud Services Portal for your account. You should use the provided ID to associate endpoints with your account.
    • groupName: The name of the endpoint group that endpoints will automatically join. You can change it to suit your requirements, but you should specify only an existing group.
    • allowServiceControl: True/false to allow the disabling of protection on the client.
    • userId: The user name displayed in the logs. MDM solutions provide variables like full name, username, serial, which help you to better identify a device user. Please refer to your MDM documentation for additional information.
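
The following pre-deployment check is an added example, not Infoblox code: it compares an edited copy of the four settings above against the downloaded values before the profile is pushed through MDM. The function name `lint_mdm_config`, the `existing_groups` argument, the variable patterns and all sample values are assumptions; the settings are passed in as already-parsed dictionaries because the file format is not described here.

```python
import re

REQUIRED_KEYS = ("customerId", "groupName", "allowServiceControl", "userId")
# Assumption: common MDM substitution-variable shapes such as $NAME, {{name}},
# {Name} or %name%. Check your MDM documentation for the exact syntax.
MDM_VARIABLE = re.compile(r"\$\w+|\{\{\s*\w+\s*\}\}|\{\w+\}|%\w+%")


def lint_mdm_config(downloaded, edited, existing_groups):
    """Hypothetical helper: return (errors, warnings) for the edited settings."""
    errors, warnings = [], []
    for key in REQUIRED_KEYS:
        if key not in edited or edited[key] in ("", None):
            errors.append(f"{key}: missing or empty")
    if errors:
        return errors, warnings

    # customerId ties endpoints to the account, so it must stay as provided.
    if edited["customerId"] != downloaded["customerId"]:
        errors.append("customerId: differs from the value in the downloaded file")

    # groupName may be changed, but only to a group that already exists.
    if edited["groupName"] not in existing_groups:
        errors.append(f"groupName: {edited['groupName']!r} is not an existing group")

    # allowServiceControl must be a real true/false; accept the string form too.
    flag = edited["allowServiceControl"]
    if isinstance(flag, str) and flag.lower() in ("true", "false"):
        flag = flag.lower() == "true"
    if not isinstance(flag, bool):
        errors.append("allowServiceControl: expected true or false")
    elif flag:
        warnings.append("allowServiceControl: users can turn protection off")

    # A literal userId gives every device the same name in the logs.
    if not MDM_VARIABLE.search(str(edited["userId"])):
        warnings.append("userId: no MDM variable, devices share one name in logs")
    return errors, warnings


# Constructed sample values, not taken from a real account.
DOWNLOADED = {"customerId": "example-customer-id", "groupName": "Default Group",
              "allowServiceControl": False, "userId": "user"}
EDITED = {"customerId": "example-customer-id", "groupName": "Field Staff",
          "allowServiceControl": "true", "userId": "shared-tablet"}

if __name__ == "__main__":
    errs, warns = lint_mdm_config(DOWNLOADED, EDITED, {"Default Group", "Sales"})
    print("\n".join(errs + warns))
```
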