User guide
Using a segmented network to reduce the spread of
malware on an enterprise Wi-Fi network that uses a
VPN
When a Wi-Fi enabled BlackBerry device connects to an enterprise Wi-Fi network that uses a VPN, the device might permit
the VPN concentrator to send data directly to a BlackBerry Enterprise Server over your organization's network. The VPN
concentrator sends data over port 4101. In this scenario, only the VPN concentrator connects to the enterprise
Wi-Fi
network.
To configure your organization’s VPN concentrator to prevent it from opening unnecessary connections to your
organization’s network, you can configure a segmented network. In a segmented network, you can divide components of
your organization’s network using firewalls to reduce the spread of malware.
For more information about reducing the spread of malware, see Protecting the BlackBerry device platform against
malware.
Supported UI settings for VPN concentrators
BlackBerry 7.1 supports the configuration of the following UI settings for the VPN concentrators that BlackBerry devices
connect to.
UI setting
VPN-
1
Powe
r
Cisco
VPN
3000
Series
Concentr
ator
VPN
Firewall
Brick
NetScree
n
Nortel
Networks
Contivity
Secure
Computi
ng
Sidewind
er
Symante
c Raptor
Firewall
Gateway Credential
(PSK): Username
(Group Name)
X X X X X X X X X
Gateway Credential
(PSK): Password
(Group Password)
X X X X X X X X X
XAuth Credential
(PSK): Username
X X X X X X X
XAuth Credential
(PSK): Password
X X X X X X X
Security Technical Overview Wi-Fi enabled devices
145