Xcitium Secure Internet Gateway

• Introduction To Xcitium Secure Internet Gateway
  • Purchase A License
  • Login To Secure Internet Gateway
  • Setup Options Explained
    • Tutorial To Add Networks To Secure Internet Gateway
    • Tutorial To Add Roaming Endpoints To Secure Internet Gateway
    • Tutorial To Add Mobile Devices
    • Tutorial To Deploy XSIG Virtual Appliances
    • Setup Wizard - Add Networks
    • Setup Local Resolver Virtual Machines And Import Sites
• The Admin Console
• The Dashboard
  • Web Overview
  • Security Overview
  • View Logs
• Add Networks, Roaming Endpoints And Mobile Devices
  • Add Networks
  • Add Roaming Endpoints
  • Add Mobile Devices
  • Manage Imported Sites And Virtual Appliances
    • Add Internal Networks
    • Add Internal Domains
• Manage XSIG Rules
  • Manage Security Rules
  • Manage Category Rules
  • Manage Domain Blacklist And Whitelist
  • Manage Block Pages
  • Manage Cloud Browser Settings
• Apply Policies To Networks And Roaming/Mobile Devices
• Domain Classification Requests
• View Protection Details By Customer
• Reports
• Read Testimonials
• View Account Details
• Appendix - Ports, IP Nos Allowed For SIG Roaming Agent And Local Resolver
• About Xcitium Security Solutions

Add Mobile Devices 

Click 'Configure' > 'Objects' > 'Mobile Devices'

• You can protect iOS and Android devices by enrolling them to the VPN service.

• You need to install the XSIG mobile app or the VPN profile on each device you want to manage.

• XSIG App - Includes a VPN client and a VPN profile.

• VPN Profile - Contains only the profile. Android users need to install the Strong Swan VPN client.

• You should use different email addresses to download the app/profile to each device. The same email should not be used on different devices to download the app/profile.

• Supported versions: Android - 4.4 and above; iOS – 9 and above.

• Once installed, you can deploy polices to mobile devices as required. 

• Click 'Configure' > 'Objects' > 'Mobile Devices' to view all enrolled mobile devices: 

 

Mobile device interface - column headers
Company	MSPs' only. The customer organization to which the device is enrolled.
Email	The enrollment mail is sent to this address.
Remark	Comments about the account.
Mode	'VPN Profile' – The device has only the VPN profile installed. 'VPN + Mobile Agent' – The XSIG app is installed, which includes the VPN profile and the client.
Status	The connection state of the mobile device to Secure Internet Gateway. Installed, Active - Protection is enabled, and the device is connected to Secure Internet Gateway. Installed, Not Active - The profile is present on the device, but the device is not connected to Secure Internet Gateway. Not installed - The enrollment mail was sent to the user, but the XSIG profile/app hasn’t yet been installed.
Last Login/Logout Activity	Date and time of the device's most recent connection Login - The last time the device connected to Secure Internet Gateway Logout - The last time the device disconnected from Secure Internet Gateway
Actions	Control for removing mobile devices.

Add a mobile device

• Click 'Configure' > 'Objects' > 'Mobile Devices'

• Click 'Add New Mobile Device':
  

 

• Enter the email addresses of mobile users - The contact addresses of the users whose devices you want to add. You can enter multiple email addresses. Please note - each device requires a unique email address. You cannot use the same email address on different devices.

• Select the type of installation you want:

VPN + Mobile Agent – This is the XSIG mobile app. If you select this, the user need not install any third party VPN client.

• Click here to see instructions for this option.

OR

VPN- This is the profile only. If you select this, Android users must also install the StrongSwan VPN app. StrongSwan is not required for iOS devices.

• Click here to see instructions for this option.

• Please select company – MSPs only. Choose the customer organization for which you want to enroll mobile devices

• Click 'Add'.

VPN

• Select Company – applies to MSPs only. Select the company to which the mobile devices should be enrolled

• Click 'Add'.
  

XSIG will send device enrollment emails to all users that you added.

The user is initially added to the list with a device status of 'Not installed':

• Users should open the email on their device.

• The email contains instructions to enroll their device and three attachments:

• iOS_VPN_Profile.mobileconfig - iOS device users should select this.

• Android_VPN_Profile.sswan - Strongswan VPN profile for Android users

• Android SSLCert.pem – This SSL certificate needs to be imported to Android devices to secure the VPN connection.

Instructions for iOS

• Tap ‘Activate iOS App’ in the mail

• Hit ‘Allow’ to complete the activation:

The VPN profile is now installed on the device.

• You also need to trust the SSL certificates in iOS in order to view HTTPS pages over the VPN

• Go to 'Settings' > 'General' > 'About' > 'Certificate Trust Settings' and enable full trust for root certificates

Once connected, the VPN icon will appear in the navigation bar:

Instructions for Android

• Open the enrollment mail and select 'Android_VPN_Profile'

• Open the StrongSwan VPN app:

• Select 'Add VPN Profile' > 'Import VPN profile':

• Choose 'Android_VPN_Profile' from the downloaded location

• Select 'Import Certificate from VPN Profile'

• Enter the password in the email and select 'OK'

• Tap 'Allow' instead of 'Install'

• Select 'Import' at the top-right

• Open the profile you just imported to start the connection to Secure Internet Gateway:

You will see the following screen when connected:

Note: You also need to trust the SSL certificates in order to view HTTPS pages over the VPN.

• Go to 'Settings' > 'Security' > 'Credential Storage' > 'Install from SD card'. Please note this may vary depending on the Android version.

• Select the 'AndroidSSLCert.pem' certificate from the download location, enter the name and tap 'OK'

You can view the certificate in 'Settings' > 'Security' > 'Trusted Credential' > 'User'. Note – The storage path may vary depending on the device and Android version.

The mobile device will be enrolled and shown as follows:

• No rules are applied to mobile devices by default.

• You can apply device specific policy according to your requirements. See 'Manage XSIG Rules' and 'Apply Policies to Network and Roaming / Mobile Devices' for help to configure and deploy security policies to mobile devices.

 

XSIG Mobile Device App

• Users are initially added to the list with a device status of 'Not installed':

• XSIG will send device enrollment emails to all users that you add.

• Select Company – applies to MSPs only. Select the company to which the mobile devices should be enrolled.

• Click 'Add'
  

• XSIG will send device enrollment emails to all users that you added.

• Users are initially added to the list with a device status of 'Not installed':

 

• Users should open the email on their device. The email contains clear instructions how to install the XSIG app on Android and iOS devices:

Instructions for iOS

• Open the enrollment mail on the iOS device

• Select 'App Store' and download the app from the Apple store.

• After installation, select 'Activate iOS App' in the mail.

• Next, open the app, tap the 'XSIG' button and hit 'Allow'
  

• Provide the device password if requested:

That's it. The iOS device is successfully enrolled to Secure Internet Gateway.

You also need to trust the SSL certificates in iOS in order to view HTTPS pages over the VPN. Go to 'Settings' > 'General' > 'About' > 'Certificate Trust Settings' and enable full trust for root certificates.

• Tap the XSIG shield icon to enable internet security

• The following screen is shown once the device is connected:

 

Instructions for Android

• Open the enrollment mail.

• Select 'Google Play' and install the app from the Play Store.

• Please note, the screens may vary depending on the Android version.

• After installation, select 'Activate Android App' in the mail.

• The activation password is copied to the clipboard after selecting 'Activate Android App'.

• Next, tap the 'XSIG' icon:

• Long press in the password field and select 'Paste'

• Select 'OK'

The certificate name field is auto-filled with the certificate's unique identifier:

• Touch 'OK'

The VPN certificate is pre-selected in the 'Select certificate' screen:

• Select 'Allow'
  

That's it. The app is activated, and the device enrolled. Device details are shown in the 'Mobile Devices' screen in Secure Internet Gateway:

Important Note: You also need to trust the SSL certificates in order to view HTTPS pages over the VPN. Go to 'Settings' > 'Security' Select 'Install from SD card' Select 'AndroidSSLCert.pem' Enter 'AndroidSSLCert' in the 'Name the certificate' screen. Hit 'OK' when finished

 

The XSIG app on the mobile device (iOS and Android) can be connected or disconnected by the user. Please note, protection is only available if the app is connected.

• Tap the XSIG icon 

The XSIG app opens

• Main – Select the icon to connect to XSIG / disconnect from XSIG.

• Reports – View reports for:

• Overall, Web Browsing Trend

• Top Target Domains

• Top Blocked Domains

• Overall Advanced Threats

• Top URL Categories

• About – Detailed information about Secure Internet Gateway
  

• What is Secure Internet Gateway – Brief description about the product

• How to Enable / Disable – Instructions how to connect / disconnect to XSIG

• Can't login to Captive Portal – Troubleshooting instructions

• Share – Send the app location details to your friends

• Rate Us – Rate the XSIG app

• How to Remove VPN – Instructions how to remove the XSIG VPN

Delete a mobile device

Web protection policies will no longer be applied when you delete a mobile device.

• Click the trash can icon beside a device to delete it.

• Click 'OK' to confirm removal of the device from the list.