Network > GlobalProtect > MDM
If you are using a Mobile Security Manager to manage end user mobile devices and you are using HIP-enabled policy enforcement, you must configure the gateway to communicate with the Mobile Security Manager to retrieve the HIP reports for the managed devices.
For more detailed information on setting up the GlobalProtect Mobile Security Manager service, refer to Set Up the GlobalProtect Mobile Security Manager in the GlobalProtect Administrator’s Guide, Version 6.2. For detailed step-by-step instructions for setting up the gateway to retrieve the HIP reports on the GlobalProtect Mobile Security Manager, refer to Enable Gateway Access to the GlobalProtect Mobile Security Manager.
Add MDM information for the Mobile Security Manager to enable the gateway to communicate with the Mobile Security Manager.
GlobalProtect MDM Settings
Enter a name for the Mobile Security Manager (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
For a firewall that is in multiple virtual system mode, the Location is the virtual system (vsys) where the Mobile Security Manager is available. For a firewall that is not in multi-vsys mode, the Location field does not appear in the MDM dialog. After you save the Mobile Security Manager, you cannot change its Location.
Enter the IP address or FQDN of the interface on the Mobile Security Manager where the gateway connects to retrieve HIP reports. Ensure that you have a service route to this interface.
The connection port is where the Mobile Security Manager listens for HIP report requests. The default port is 5008, which is the same port on which the GlobalProtect Mobile Security Manager listens. If you are using a third-party Mobile Security Manager, enter the port number on which that server listens for HIP report requests.
Choose the client certificate for the gateway to present to the Mobile Security Manager when it establishes an HTTPS connection. This certificate is required only if the Mobile Security Manager is configured to use mutual authentication.
Trusted Root CA
Click Add and then select the root CA certificate that was used to issue the certificate for the interface where the gateway connects to retrieve HIP reports. (This server certificate can be different from the certificate issued for the device check-in interface on the Mobile Security Manager).You must import the root CA certificate and add it to this list.
Configure GlobalProtect to Retrieve Host Information
Configure GlobalProtect to Retrieve Host Information Follow these instructions to configure GlobalProtect to retrieve host information from devices managed by AirWatch. Install and configure the ...
Ports Used for Management Functions
Ports Used for Management Functions The firewall and Panorama use the following ports for management functions. Destination Port Protocol Description 22 TCP Used for communication ...
Define the GlobalProtect Agent Configurations
Define the GlobalProtect Agent Configurations After a GlobalProtect user connects to the portal and is authenticated by the GlobalProtect portal, the portal sends the agent ...
What Data Does the GlobalProtect Agent Collect?
What Data Does the GlobalProtect Agent Collect? By default, the GlobalProtect agent collects vendor-specific data about the end user security packages that are running on ...
Set Up a Mobile Endpoint Management System
Set Up a Mobile Endpoint Management System To set up a mobile endpoint management system, use the following workflow: Set up the GlobalProtect Infrastructure. Create ...
Use Case: VM-Series Firewalls as GlobalProtect Gateways on ...
Use Case: VM-Series Firewalls as GlobalProtect Gateways on AWS Securing mobile users from threats and risky applications is often a complex mix of procuring and ...
MDM Integration Overview
MDM Integration Overview MDM integration service included with the Windows-based User-ID agent does a full HIP query to the AirWatch MDM server to get the ...
Deploy Server Certificates to the GlobalProtect Components
Deploy Server Certificates to the GlobalProtect Components The following table shows the best practice steps for deploying SSL/TLS certificates to the GlobalProtect components: Import a ...
GlobalProtect Features New GlobalProtect Features Description Clientless VPN You can now use Clientless VPN for securing remote access to common enterprise web applications that use ...