
...

Warning: Advisory

Infoblox does not support any other VPN client running on the same device alongside Infoblox Mobile Endpoint.

Before you install Infoblox Mobile Endpoint, check the following; otherwise, mobile endpoint might not function properly:

...

  • Your local device is not running any DNS service.
  • If your device is running Mac OS X, ensure that you turn off Internet Sharing.
  • Do not apply any firewall rules to block TCP port 443 due to the following:
    • Mobile endpoint must be able to access the following global IPv4 DNS anycast addresses using TCP port 443:
      • 52.119.40.100
      • 52.119.41.100
      • 103.80.5.100
      • 103.80.6.100
    • Mobile endpoint must be able to access the following using TCP port 443:
      • csp.infoblox.com
      • threatdefense.infoblox.com and its subdomains
  • Do not apply any firewall rules to block UDP port 53 due to the following:
    • Mobile endpoint must be able to access 52.119.40.100 and 103.80.5.100 using UDP port 53. The UDP port 53 query is used to identify (1) the public IP address of the mobile endpoint and (2) the AWS region to which mobile endpoint is connected.
  • Allow HTTPS traffic to s3.dualstack.us-east-1.amazonaws.com, where us-east-1 can change based on the region setting for auto upgrade. This access is required to automatically upgrade mobile endpoint.
  • If you have a VPN client, ensure that the VPN connection is established in the “Split tunnel” mode for every network protocol (IPv4 or IPv4/IPv6 for dual stack).
  • If your organization wants to restrict users from disabling the endpoint application on the mobile device, make sure that the parameter “allowServiceControl” is set to False in the MDM application configuration.
  • To make sure that devices on your network have a unique username in the Infoblox Portal, verify that the parameter “userId” in the MDM application configuration is properly configured and not left at the default value from the application configuration that Infoblox provides.
  • To make sure the user is not able to disable or delete the VPN configuration on the device, add the device configuration in the MDM and push it to the devices on your network. This configuration also configures the VPN on the device automatically, without any need for the user to allow it. For additional information, see the MDM enrollment documentation.
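
The network prerequisites above can be verified from a device on the target network before rollout. The following is an added example, not Infoblox tooling: the function names are hypothetical, the addresses and hostnames are the ones listed on this page, and a plain DNS A query is assumed as a stand-in for the endpoint's own UDP port 53 query.

```python
import socket
import struct

ANYCAST = ["52.119.40.100", "52.119.41.100", "103.80.5.100", "103.80.6.100"]
HTTPS_HOSTS = ["csp.infoblox.com", "threatdefense.infoblox.com",
               "s3.dualstack.us-east-1.amazonaws.com"]  # region part may differ
UDP_DNS = ["52.119.40.100", "103.80.5.100"]


def tcp_open(host, port=443, timeout=3.0):
    """True if a TCP handshake completes (a name-resolution failure counts as False)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def udp_dns_answers(server, port=53, qname="csp.infoblox.com", timeout=3.0):
    """True if `server` sends any DNS response to an A query over UDP."""
    # Assumption: the page does not describe the endpoint's real query, so use a generic one.
    header = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    query = header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, ICMP unreachable, no route
            return False
    # Accept only a reply with the same transaction ID and the QR (response) bit set.
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)


def check_prerequisites(tcp=tcp_open, udp=udp_dns_answers):
    """Return a list of failed checks; an empty list means every check passed."""
    failures = []
    if udp("127.0.0.1"):  # any answer means a local DNS service is running
        failures.append("local DNS service answering on 127.0.0.1:53")
    failures += [f"TCP 443 unreachable: {h}" for h in ANYCAST + HTTPS_HOSTS if not tcp(h)]
    failures += [f"UDP 53 unanswered: {s}" for s in UDP_DNS if not udp(s)]
    return failures


if __name__ == "__main__":
    for line in check_prerequisites() or ["all prerequisite checks passed"]:
        print(line)
```

Run it before installing mobile endpoint, because the endpoint's own loopback DNS forwarder would otherwise be reported as a local DNS service.
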
Note

For any deactivated and deleted devices, mobile endpoint can be re-installed and the devices restored and reconfigured.

No Internet Access Warning Message in Windows

In some rare circumstances, BloxOne Mobile Endpoint can make Windows incorrectly display a “No Internet Access” warning even though connectivity is working fine. This is caused by a limitation in the Microsoft Network Connectivity Status Indicator (NCSI) feature.

NCSI uses active DNS probes to validate internet connectivity on each network interface. However, these DNS checks are restricted, and NCSI will refuse to send them to a DNS server on a different interface (such as the loopback IP). Since BloxOne Mobile Endpoint runs a DNS forwarder on the loopback interface as part of its core operation, these specific checks are not compatible with mobile endpoint. This limitation does not cause any problem in the majority of environments, because Windows also performs some other checks to validate the connectivity.

To remedy this situation if it occurs in your configuration, do the following. NOTE: This fix must be deployed to the Local Group Policy.

...
