Setting up Gateway

Note: If Gateway is not enabled for your tenant, the menu options to configure it are not displayed in the management console. If a user with insufficient permissions logs in to the management console, a no permissions error message is displayed when the user selects a menu option. For more information about the error message, see KB 42221257786523.

DNS resolution of IPv6 addresses is not supported. IPv6 addresses will not be returned to the Gateway agent.

Step

Action


Step 1

Install and set up the BlackBerry Protect Connectivity Node and at least one Gateway Connector.


Step 2

Specify the addresses that are part of your private network.


Step 3

Specify your private DNS settings and suffixes.


Step 4

Review the existing CylanceGATEWAY network services or define your own to make creating access control list (ACL) rules on tenants easier (optional).


Step 5

Configure ACL rules on tenants to manage which Internet and private network destinations Gateway allows and blocks access to.


Step 6

Configure network protection to specify the threats that Gateway detects and how it responds.


Step 7

Add users for Gateway.


Step 8

Configure Gateway service options to specify OS-specific options.


Step 9

Configure enrollment policies to allow users to activate the Aurora Protect Mobile app or Gateway agent on their devices.


Step 10

Assign policies to administrators, users, and groups. Users must be assigned an enrollment policy and Gateway Service policy before they can activate the Gateway agent.


Step 11

Device users install and activate the Aurora Protect Mobile app on iOS, Android, and Chromebook devices and the Gateway agent on Windows and macOS devices. Optionally, you can perform a silent installation or upgrade of the Gateway agent.

You can download the agents from the BlackBerry web site. For more information on the Aurora Protect Mobile app and Gateway agent, see the Aurora Endpoint Security User Guide.

Optionally, you can integrate Aurora Endpoint Security with BlackBerry UEM or Microsoft Intune to verify whether iOS and Android devices are managed by UEM or Intune before they can use Gateway. For more information, see Connecting Aurora Endpoint Security to MDM solutions to verify whether devices are managed.


Step 12

Bring your own IP addresses (BYOIP) to provide larger dedicated IP addresses that let you control traffic in ways such as using your organization's own IP address for source IP pinning and allowing a single IP address range or CIDR address instead of several non-contiguous IP addresses (optional).