Add Roaming Endpoints To Secure Internet Gateway, Computer Network Security, Xcitium Secure Internet Gateway

Add Roaming Endpoints

You can protect Windows and Mac devices outside your network by installing the Shield agent on each roaming device

Click 'Configure' > 'Objects' > 'Roaming Devices' > 'Download Agent'

You can manually install the agent on devices or install it remotely through Endpoint Manager.

Once installed, you can deploy policies to the devices as required

Roaming devices cannot connect to internal domains unless configured appropriately in the 'Network' interface.

Set an anti-tampering password to prevent users uninstalling the agent from the device. Windows devices only.

See 'Additional Settings' for help to configure internal DNS and host files.

Click 'Configure' > 'Objects' > 'Roaming Devices' to view all enrolled roaming devices:

Roaming Agents - Table of Column Descriptions
Column Header	Description
Company	Applies to MSPs only. The name of the company to which the roaming device is enrolled.
Computer Name	The label of the endpoint.
OS Version	The version number of Windows or Mac operating system on the endpoint.
Device Unique ID	String generated by the agent to identify the device to Secure Internet Gateway.
Status	Shows whether the roaming device is connected to SIG or not. Active - Roaming device is connected to SIG Inactive – Roaming device is not connected to SIG. This may be because the device is powered off, there’s no internet connection, or the SIG agent was removed.
Agent Version	Version number of the XSIG roaming agent deployed on the endpoint.
Actions	Control for removing endpoints.

The interface allows you to:

Add new roaming devices

Configure an anti-tampering password

Delete a device

Add new roaming devices

Click 'Configure' > 'Objects' > 'Roaming Devices' > 'Download Agent'

There are two ways you can add roaming devices:

Manually install the agent on endpoints - Click 'Configure' > 'Objects' > 'Roaming Devices' > 'Download Agent'. Manually Install the agent on target devices. The devices will be automatically enrolled.

Import from Endpoint Manager - You can remotely install the agent on managed Windows endpoints from the Endpoint Manager console.

Click 'Download Agent' to get the installation package.

Add new devices

Click 'Configure' > 'Objects' > 'Roaming Devices'

Click 'Download Agent' at the top-right:

Choose your download options in the 'Download Agent' dialog:

Select Company - MSPs only. Select the customer organization for which you want to enroll devices.

Download for Windows - The agent installation package for Windows devices. See Enroll Windows devices for more details.

Download for mac OS - The agent installation package for Mac OS devices. See Enroll Mac OS devices for more details.

Get Endpoint Manager Agent Windows Link - Get Endpoint Manager Agent Windows Link - Reveals the link you need to remotely install the agent on Windows endpoints through Endpoint Manager. See Import Windows Devices from Endpoint Manager for more details.

Enroll Windows devices

Click 'Configure' > 'Objects' > 'Roaming Devices'

Click 'Download Agent' at the top-right

Click 'Download for Windows' in the 'Download Agent' dialog. The installation file is in .msi format.

Transfer the setup files to the Windows devices you want to enroll.

Next, install the agent on the device(s).

Double-click the setup file or right-click and select 'Install' from the context sensitive menu.

The installation wizard starts.

Click 'Next' and complete the agent installation wizard.

Click 'Finish'

That's it. The device is added and listed in the 'Configure' > 'Objects' > 'Roaming Devices' interface.

Note - no security rules are applied to roaming device by default. You can create and apply device specific policies according to your requirements.

See 'Apply Policies to Networks, Roaming / Mobile Devices' for advice on how to configure and deploy security policies to roaming devices.

Enroll Mac OS devices

Click 'Configure' > 'Objects' > 'Roaming Devices'

Click 'Download Agent' at the top-right

Click the 'Download for Mac OS' button in the 'Download Agent' dialog. The installation file is in .pkg format.

Transfer the agent to the Mac OS devices that you want to enroll.

Next, install the agent on the device(s).

Double-click the package file to start the installation wizard.

Click 'Continue'

Choose the agent installation location in the next step:

To install the agent in the default location, click 'Continue'. To install the agent in a different location, click the disk icon, navigate to the new location and click 'Continue'.

The next step lets you choose the installation type and start the installation.

Click 'Install'

The installation requires your user account to continue.

Enter your device user name and password in the respective fields and click 'Install Software'

The installation starts:

Click 'Close' to exit the wizard when installation is finished:

Once installed, the agent starts communicating with the Secure Internet Gateway server. The device is visible in 'Configure' > 'Objects' > 'Roaming Devices'.

Note - no security rules are applied to roaming device by default. You can create and apply device specific policies according to your requirements.

See 'Apply Policies to Networks, Roaming / Mobile Devices' for advice on how to configure and deploy security policies to roaming devices.

Import Windows Devices from Endpoint Manager

Click 'Configure' > 'Objects' > 'Roaming Devices'

Click 'Download Agent' at the top-right

Click 'Get Endpoint Manager Windows Link':

Use this link as the 'Package URL' to install the agent on managed endpoints.

Process in brief:

Login to Endpoint Manager

Click 'Devices' > 'Device List' > 'Device Management' tab

Select the Windows device(s) on which you want install the packages

Click 'Install or Update Packages' and select 'Install Custom MSI/Packages'

Paste the agent download link into the 'MSI/Package URL' field

Configure the other remote installation options as required

Click 'Install'

See https://help.Xcitium.com/topic-399-1-786-10139-Remotely-Install-and-Update-Packages-on-Windows-Devices.html if you need additional help to install packages via Endpoint Manager.

Configure Anti-Tampering Password

The anti-tampering password helps stop the agent from being uninstalled from a roaming device.

Once set, the agent cannot be removed unless the password is provided.

Password protection is only available for Windows devices.

Set an uninstallation password

Click 'Configure' > 'Objects' > 'Roaming Devices'

Click 'Anti-Tampering Password' on the top right

Select Company - MSPs only. Select the customer organization for which you want to set a password.

Password – Create a unique key that is required to uninstall the agent.

Click 'Save' for your settings to take effect

Repeat the process to set password for other companies

The password protection will take effect after ten minutes.

Note: The password protection applies only to the agents of version 1.5 and later.

Delete a Roaming Device

Roaming devices that no longer need web protection can be removed from Secure Internet Gateway.

Any security policies also be removed from the deleted devices.

To minimize errors while deleting SIG agent, we recommend deleting SIG agent only with a disabled VPN. Please disable VPN or any other application, then continue to delete the agent.

Remove a roaming device

Click 'Configure' > 'Objects' > 'Roaming Devices'

Click the trash can icon beside a device to delete it

Click 'OK' to confirm device removal.

Xcitium Secure Internet Gateway

Admin Guide Version

English

Add Roaming Endpoints