Scenario:

Due to the popularity of smart endpoints such as tablet computers and mobile phones and their characteristics that they can only use wireless networks to access the Internet, employees may use some wireless APs to access the company’s wired network and wireless endpoints (such as mobile phones). They may access the company’s network through wireless APs. It may lead to exposure to the intranet and threats to information security.

Configuration Steps

Step 1.Enter the Endpoint Mgt > Connection Control > Mobile Endpoint page in the navigation menu, and check Enable mobile endpoint verification.

Step 2.Click settings to jump to the mobile endpoint management configuration options page.

When the device discovers a mobile endpoint, you can set the settings to send alarm alert emails, lock the mobile endpoint’s Internet access, and enable the Identify DHCP clients function.

Alert options: refer to the chapter on alert options.

Lock endpoint: You can customize the lockout period.

Enable the Identify DHCP clients: To enhance the ability of mobile endpoints to identify this type of endpoint after accessing the network, it also supports the DHCP mobile endpoint identification function based on the original application identification endpoint ability and mirrors the DHCP protocol data to the device. Configure the mirror port on the interface to provide the device to capture the data packets of the specified network port. Please prepare an empty network port as the mirror port in advance.

Step 3.Mobile endpoint management is applied to all users by default. However, you can select excluded user groups and excluded IPs in the excluded users list.

Step 4.After the completion of configurations, when mobile endpoint traffic accesses and passes through the IAG, it will be recognized and intercepted by the IAG, and the endpoint will prompt as follows.