Add Mobile Devices
- You can protect iOS and Android devices by enrolling them to the VPN service.
- You need to install the XSIG mobile app or the VPN profile on each device you want to manage.
- XSIG App - Includes a VPN client and a VPN profile.
- VPN Profile - Contains only the profile. Android users need to install the Strong Swan VPN client.
- You should use different email addresses to download the app/profile to each device. The same email should not be used on different devices to download the app/profile.
- Supported versions: Android - 4.4 and above; iOS – 9 and above.
- Once installed, you can deploy polices to mobile devices as required.
- Click 'Configure' > 'Objects' > 'Mobile Devices' to view all enrolled mobile devices:
Mobile device interface - column headers |
|
---|---|
Company |
MSPs' only. The customer organization to which the device is enrolled. |
|
The enrollment mail is sent to this address. |
Remark |
Comments about the account. |
Mode |
'VPN Profile' – The device has only the VPN profile installed. 'VPN + Mobile Agent' – The XSIG app is installed, which includes the VPN profile and the client. |
Status |
The connection state of the mobile device to
Secure Internet Gateway.
|
Last Login/Logout Activity |
Date and time of the device's most recent connection
|
Actions |
Control for removing mobile devices. |
- Click 'Configure' > 'Objects' > 'Mobile Devices'
- Click 'Add New Mobile Device':
- Enter the email addresses of mobile users - The contact addresses of the users whose devices you want to add. You can enter multiple email addresses. Please note - each device requires a unique email address. You cannot use the same email address on different devices.
- Select the type of installation you want:
VPN + Mobile Agent – This is the XSIG mobile app. If you select this, the user need not install any third party VPN client.
- Click here to see instructions for this option.
OR
VPN- This is the profile only. If you select this, Android users must also install the StrongSwan VPN app. StrongSwan is not required for iOS devices.
- Click here to see instructions for this option.
- Please select company – MSPs only. Choose the customer organization for which you want to enroll mobile devices
- Click 'Add'.
- Select Company – applies to MSPs only. Select the company to which the mobile devices should be enrolled
- Click 'Add'.
XSIG will send device enrollment emails to all users that you added.
The user is initially added to the list with a device status of 'Not installed':
- Users should open the email on their device.
- The email contains instructions to enroll their device and three attachments:
- iOS_VPN_Profile.mobileconfig - iOS device users should select this.
- Android_VPN_Profile.sswan - Strongswan VPN profile for Android users
- Android SSLCert.pem – This SSL certificate needs to be imported to Android devices to secure the VPN connection.
Instructions for iOS
- Tap ‘Activate iOS App’ in the mail
- Hit ‘Allow’ to complete the activation:
The VPN profile is now installed on the device.
- You also need to trust the SSL certificates in iOS in order to view HTTPS pages over the VPN
- Go to 'Settings' > 'General' > 'About' > 'Certificate Trust Settings' and enable full trust for root certificates
Once connected, the VPN icon will appear in the navigation bar:
Instructions for Android
- Open the enrollment mail and select 'Android_VPN_Profile'
- Open the StrongSwan VPN app:
- Select 'Add VPN Profile' > 'Import VPN profile':
- Choose 'Android_VPN_Profile' from the downloaded location
- Select 'Import Certificate from VPN Profile'
- Enter the password in the email and select 'OK'
- Tap 'Allow' instead of 'Install'
- Select 'Import' at the top-right
- Open the profile you just imported to start the connection to Secure Internet Gateway:
You will see the following screen when connected:
Note: You also need to trust the SSL certificates in order to view HTTPS pages over the VPN.
- Go to 'Settings' > 'Security' > 'Credential Storage' > 'Install from SD card'. Please note this may vary depending on the Android version.
- Select the 'AndroidSSLCert.pem' certificate from the download location, enter the name and tap 'OK'
You can view the certificate in 'Settings' > 'Security' > 'Trusted Credential' > 'User'. Note – The storage path may vary depending on the device and Android version.
The mobile device will be enrolled and shown as follows:
- No rules are applied to mobile devices by default.
- You can apply device specific policy according to your requirements. See 'Manage XSIG Rules' and 'Apply Policies to Network and Roaming / Mobile Devices' for help to configure and deploy security policies to mobile devices.
XSIG Mobile Device App
- Users are initially added to the list with a device status of 'Not installed':
- XSIG will send device enrollment emails to all users that you add.
- Select Company – applies to MSPs only. Select the company to which the mobile devices should be enrolled.
- Click 'Add'
- XSIG will send device enrollment emails to all users that you added.
- Users are initially added to the list with a device status of 'Not installed':
- Users should open the email on their device. The email contains clear instructions how to install the XSIG app on Android and iOS devices:
Instructions for iOS
- Open the enrollment mail on the iOS device
- Select 'App Store' and download the app from the Apple store.
- After installation, select 'Activate iOS App' in the mail.
- Next, open the app, tap the 'XSIG' button and hit 'Allow'
- Provide the device password if requested:
That's it. The iOS device is successfully enrolled to Secure Internet Gateway.
|
- Tap the XSIG shield icon to enable internet security
- The following screen is shown once the device is connected:
Instructions for Android
- Open the enrollment mail.
- Select 'Google Play' and install the app from the Play Store.
- Please note, the screens may vary depending on the Android version.
- After installation, select 'Activate Android App' in the mail.
- The activation password is copied to the clipboard after selecting 'Activate Android App'.
- Next, tap the 'XSIG' icon:
- Long press in the password field and select 'Paste'
- Select 'OK'
The certificate name field is auto-filled with the certificate's unique identifier:
- Touch 'OK'
The VPN certificate is pre-selected in the 'Select certificate' screen:
- Select 'Allow'
That's it. The app is activated, and the device enrolled. Device details are shown in the 'Mobile Devices' screen in Secure Internet Gateway:
Important
Note: You also need to trust the SSL certificates in order to view HTTPS pages over the VPN.
|
The XSIG app on the mobile device (iOS and Android) can be connected or disconnected by the user. Please note, protection is only available if the app is connected.
- Tap the XSIG icon
The XSIG app opens
- Main – Select the icon to connect to XSIG / disconnect from XSIG.
- Reports – View reports for:
- Overall, Web Browsing Trend
- Top Target Domains
- Top Blocked Domains
- Overall Advanced Threats
- Top URL Categories
- About – Detailed information about Secure Internet Gateway
- What is Secure Internet Gateway – Brief description about the product
- How to Enable / Disable – Instructions how to connect / disconnect to XSIG
- Can't login to Captive Portal – Troubleshooting instructions
- Share – Send the app location details to your friends
- Rate Us – Rate the XSIG app
- How to Remove VPN – Instructions how to remove the XSIG VPN
Web protection policies will no longer be applied when you delete a mobile device.
- Click the trash can icon beside a device to delete it.
- Click 'OK' to confirm removal of the device from the list.