Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Forcepoint DLP System Modules > Configuring Forcepoint DLP system modules > Configuring the mobile agent > Edit Mobile Agent: Connection tab
Edit Mobile Agent: Connection tab
Administrator Help | Forcepoint DLP | Version 8.5.x
Use the Connection tab to determine how the mobile agent connects to Microsoft Exchange and users' devices.
1.
Under Exchange Connection, select Use secure connection (SSL) to use SSL to provide communication security when connecting the mobile agent to Microsoft Exchange.
2.
Enter the Hostname or IP address of the Microsoft Exchange server. The mobile appliance connects to this server to access email resources. The appliance acts as a reverse proxy to the Exchange server, making mobile devices unaware of the server.
3.
Enter the Port for connecting to the Exchange server:
*
If Use secure connection (SSL) is selected, use port 443.
*
If an unsecured connection is being used, use port 80.
4.
Optionally enter the Domain used to identify users in the organization.
5.
Under Mobile Devices Connection, select Use secure connection (SSL) to use SSL to provide communication security when connecting the mobile agent to users' mobile devices.
6.
Enter the IP address of the network interface card (NIC) that mobile devices should use to connect to this agent.
This is a NIC on the mobile appliance or machine hosting the mobile agent. It is the IP address that the mobile agent will listen on. The list reflects all of the NICs found on the mobile appliance.
Select All IP addresses to allow the agent to listen and accept connections from all available network interface IPs.
 
* 
Note 
To modify the IP addresses available on the mobile agent machine, re-install and re-register the mobile agent. If you enter a user name in the installation wizard, the system resolves it to the correct IP address.
7.
Enter one of the following Port numbers:
*
If the Use secure connection (SSL) option is selected, enter port 443.
*
If the SSL option is not selected, enter port 80.
8.
To secure the connection to the mobile agent, users must set up their mobile devices to accept security certificates from the server. Select a certificate option:
*
Select Use Forcepoint default security certificate to use the a self-signed certificate automatically generated by Forcepoint.
It enables SSL encryption to secure the ActiveSync public channel that is used by the mobile agent when communicating with mobile devices, but it does not rely on a well known Root CA for authentication.
If you use this option, users may need to configure their mobile devices to accept all SSL certificates. Some devices, such as those using Windows Mobile 7, do not support this.
*
Select Use the following certificates to secure the ActiveSync public channel using specified certificates, then upload the certificates to use. This option enables SSL encryption and CA authentication, so it is seamlessly accepted by all mobile devices.
Upload both a public certificate and its associated private key.
*
Upload the Public certificate the agent should use to identify itself to mobile devices. The signing CA can be a self-signed Root CA or subordinated (possibly untrusted) CA. If your certificate is signed by a subordinated CA, you must also upload its associated certificate chain file. (See Add chained certificate below.)
*
Upload the Private key that was used to generate the public certificate.
The certificate files must conform to these requirements:
*
All files should be in .PEM file format.
*
The .PEM files for the public certificate and private key must be separate. Concatenation is not supported.
*
The files should not be encrypted or passphrase protected.
*
You must follow a Certificate Signing Request (CSR) procedure when creating the files. Instructions are readily available online.
9.
Select Add chained certificate if the public certificate uploaded in the previous step is signed by a subordinated certificate.
The certificate chain, also known as the certification path, should be a list of all of the CA certificates between (but not including) the server certificate and the Root CA stored in the mobile devices. Each certificate in the list should be signed by the entity identified by the next.
For example, the chained certificate should include numbers 2, 3, and 4 below, but not numbers 1 or 2.
a.
Server certificate, signed by
b.
Issuing CA 1, signed by
c.
Intermediate CA 2, signed by
d.
Intermediate CA 3, signed by
e.
Root CA
The SSLCertificateChainFile file is the concatenation of the various PEM-encoded CA certificate files, usually in certificate chain order.
In most cases, the CA organization provides this file.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Forcepoint DLP System Modules > Configuring Forcepoint DLP system modules > Configuring the mobile agent > Edit Mobile Agent: Connection tab
Copyright 2017 Forcepoint. All rights reserved.