
Managing Mobile Endpoint

Infoblox Mobile Endpoint is a lightweight mobile cloud service for sending queries over an encrypted channel. Mobile Endpoint communicates with Infoblox Threat Defense by using DNS over Transport Layer Security (DoT). Mobile Endpoint provides visibility into infected and compromised devices detected on the network (including Android, iOS, and ChromeOS), prevents DNS-based data exfiltration and other forms of DNS tunneling, and impedes device communications with botnets and their command-and-control infrastructure. Note that Mobile Endpoint is not a VPN client.

The Mobile Endpoint client uses an on-device VPN by default to intercept DNS traffic. On iOS, the admin can also configure the Extension Type as DNS Proxy (this setting is mentioned in the “Installing Mobile Endpoint” section, below).

Supported Devices

Mobile Endpoint supports the following devices:

  • Android 11+
  • iOS 14+
  • ChromeOS

To enable end users to connect to Infoblox Platform services, the Mobile Endpoint client must be downloaded and installed on all devices. The client enforces security policies that you apply to the remote networks, regardless of where the end users are and which networks they are connected to. For details on downloading the Mobile Endpoint client, see Downloading and Enrolling Mobile Endpoint on Your Device. You will also need to download the MDM configuration file for your device; for details, see Configuring Mobile Endpoint MDM in Infoblox Portal.

Note

Deploying Infoblox Mobile Endpoint using the MDM-less option

As an alternative to deploying Mobile Endpoint by using the MDM configuration file, you can deploy Mobile Endpoint on iOS and Android devices by using the MDM-less option. This option uses a QR code to register the app. For details, see Deployment of MDM-less Mobile Endpoint Using QR Code (no MDM feature).

Domain Management

Mobile Endpoint is designed to route DNS queries directly to Infoblox Threat Defense. If your network setup includes internally hosted domains, you should add them to the bypassed internal domains list; this will ensure uninterrupted access to local resources, such as servers, computers, and printers on your network. After you add internal domains to the list, Mobile Endpoint will direct DNS requests for these internal domains to your local DNS servers for resolution. For information on how to add domains to the bypass list, see Configuring Internal Domains.
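The routing decision described above, as an added Python example (not Infoblox code): it assumes a bypass entry covers the domain and its subdomains, and all domain names, function names, and resolver labels are constructed for illustration. The audit helper flags entries broad enough to send public names to local DNS instead of Threat Defense.

```python
# Added illustration of split-DNS routing for a bypass list.
# Assumption: an entry matches the domain itself and every subdomain.

LOCAL = "local-dns"
PROTECTED = "threat-defense-dot"

# Constructed sample bypass list (not real customer data).
BYPASS = ["corp.example", "printers.internal."]


def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def route(qname: str, bypass_list: list) -> str:
    """Return which resolver a query for qname should be sent to."""
    labels = normalize(qname).split(".")
    entries = {normalize(d) for d in bypass_list if normalize(d)}
    # Compare whole-label suffixes only, so "notcorp.example" can never
    # match the entry "corp.example" through a plain string suffix test.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in entries:
            return LOCAL
    return PROTECTED


def audit(bypass_list: list) -> list:
    """Flag entries so broad that public names would skip inspection."""
    findings = []
    for raw in bypass_list:
        if "." not in normalize(raw):
            findings.append((raw, "empty or single-label entry covers a whole TLD"))
    return findings


if __name__ == "__main__":
    for q in ["fileserver.corp.example", "notcorp.example",
              "corp.example.lookalike.test", "PRINTERS.INTERNAL."]:
        print(f"{q:32} -> {route(q, BYPASS)}")
    print(audit(BYPASS + ["com"]))
```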

By supporting dual-stack IPv4/IPv6 as well as IPv6 DNS configurations, Mobile Endpoint protects all devices, regardless of their network environments. This means Mobile Endpoint will protect roaming clients in different networking environments. When Mobile Endpoint is connected to a network, the endpoint can communicate with Infoblox Platform by using both IP address protocols. Mobile Endpoint in a dual-stack environment is able to proxy IPv6 DNS queries and forward them to Infoblox Platform over IPv4.

Additional Features

Mobile Endpoint Management also offers the following support features to assist in managing MDM on user devices:

  • Integration with Logs
    Integration with logs allows sending of log files directly to the Platform. The user of a device can still choose to email logs to a list of recipients, in addition to or instead of sending them to the Platform. 
  • Multiple Anycast IP Support
    In a scenario where the primary server fails, healthcheck will send IP requests to the next best Anycast server. This condition will persist until the primary Anycast server resumes its function, at which time IP requests will once again be submitted through the primary server.
  • Automatic Reestablishment of Mobile Endpoint Protection
    If the user of a device manually turns off Mobile Endpoint protection for the device and then neglects to manually turn it back on, then Mobile Endpoint protection will automatically be reestablished after 30 minutes of non-use.


For additional information on installing and using Mobile Endpoint, see the following: