Hardware reference guide
GlobalProtect Administrator’s Guide
Set Up the GlobalProtect Mobile Security Manager
Set Up the Mobile Security Manager for Device Management
Before you can begin using the Mobile Security Manager to manage mobile devices, you must set up the device
management infrastructure. This includes configuring an interface for device check-in, obtaining the certificates
required for the Mobile Security Manager to send push notifications to devices over-the-air (OTA), defining
how to authenticate users/devices before allowing enrollment, and how to issue identity certificates to each
device.
Configure the Mobile Security Manager for Device Check-in
Configure the Mobile Security Manager for Enrollment
Configure the Mobile Security Manager for Device Check-in
Every hour (by default), the Mobile Security Manager sends a notification message to the devices it manages
requesting that they check in. To send these messages—called push notifications—the Mobile Security Manager
must connect to the devices over-the-air (OTA). To send push notifications to iOS devices, the Mobile Security
Manager must use the Apple Push Notification Service (APNs); for Android devices it must use the Google
Cloud Messaging (GCM) service.
The best practice is to configure the ethernet1 interface on the Mobile Security Manager as an external-facing
interface for mobile device and gateway access. Therefore, to configure the Mobile Security Manager for device
check-in, you must configure the ethernet1 interface and enable it for device check-in. In addition, you must
configure the Mobile Security Manager to send push notifications via APNs/GCM.
The following procedure details how to set up this recommended configuration:
Set Up the Mobile Security Manager for Device Check-In
Step 1 Configure the device check-in interface.
Although you could use the MGT interface for device check-in, configuring a separate interface allows you to separate management traffic from data traffic. If you are using the MGT interface for device check-in, skip to Step 4.
1. Select Setup > Network > ethernet1 to open the Network Interface settings dialog.
2. Define the network access settings for the interface, including the IP Address, Netmask, and Default Gateway.
3. Enable the services to allow on this interface by selecting the corresponding check boxes. At a minimum, select Mobile Device Check-in. You may also want to select Ping to aid in testing connectivity.
4. To save the interface settings, click OK.
5. Connect the ethernet1 port (labeled 1 on the front panel of the appliance) to your network using an RJ-45 Ethernet cable. Make sure that the switch port you cable the interface to is configured for auto-negotiation.
6. (Optional) Add a DNS “A” record to your DNS server to associate the IP address of this interface with a hostname.
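The IP Address, Netmask, and Default Gateway entered in step 2, and the optional DNS "A" record from step 6, can be checked for consistency before the interface is cabled. The following Python sketch is an added example, not part of the original guide or of the product. The function names, the sample addresses (documentation range) and the hostname mdm.example.com are assumptions.

```python
import ipaddress
import socket


def resolve_a_records(hostname):
    """Return the IPv4 addresses the local resolver gives for hostname."""
    try:
        return socket.gethostbyname_ex(hostname)[2]
    except OSError:
        return []


def check_checkin_interface(ip, netmask, gateway, hostname=None,
                            resolver=resolve_a_records):
    """Return a list of problems with the planned ethernet1 settings."""
    problems = []
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"invalid address or netmask: {exc}"]

    net = iface.network
    # A host address must not be the subnet's network or broadcast address.
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    # The default gateway has to be reachable on the interface's own subnet.
    if gw not in net:
        problems.append(f"default gateway {gw} is outside {net}")
    elif gw == iface.ip:
        problems.append("default gateway equals the interface address")

    # Step 6: the optional "A" record should point at this interface.
    if hostname is not None:
        answers = resolver(hostname)
        if not answers:
            problems.append(f"{hostname} has no A record")
        elif str(iface.ip) not in answers:
            problems.append(f"{hostname} resolves to {answers}, not {iface.ip}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the resolver is faked so the run stays offline.
    fake_dns = {"mdm.example.com": ["203.0.113.10"]}
    result = check_checkin_interface(
        "203.0.113.10", "255.255.255.0", "203.0.113.1",
        hostname="mdm.example.com", resolver=lambda h: fake_dns.get(h, []))
    print("\n".join(result) if result else "settings are consistent")
```

Omit the resolver argument to query the DNS server the workstation actually uses.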