Policy Reference Guide

Local Navigation

VPN policy group

Disable VPN User Profiles IT policy rule

Description

This rule specifies whether a BlackBerry® device user can create VPN profiles on a BlackBerry device.

Possible values

  • Yes
  • No

Default value

  • No

Minimum requirements

  • BlackBerry® Device Software 4.2.1

Rule introduction

  • BlackBerry® Enterprise Server 4.1 SP3

Enable VPN IT policy rule

Description

This rule specifies whether the VPN client on a BlackBerry® device is turned on.

This rule is obsolete in BlackBerry® Enterprise Server 4.1 SP3 and later.

Possible values

  • Yes
  • No

Default value

  • No

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry Enterprise Server 4.0 SP1

Use VPN Xauth IT policy rule

Description

This rule specifies whether a VPN client on a BlackBerry® device should use Xauth certificates to authenticate with your organization's VPN gateway.

Related rules

The Enable VPN IT policy rule affects this rule. You must change the Enable VPN IT policy rule to Yes so that the device can use this rule.

Possible values

  • Yes
  • No

Default value

  • No

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Allow Handheld Changes IT policy rule

Description

This rule specifies whether a BlackBerry® device user can change all VPN IT policy rules on a BlackBerry device.

This rule is obsolete in BlackBerry® Enterprise Server 4.1 SP3 and later.

Possible values

  • Yes
  • No

Default value

  • Yes

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry Enterprise Server 4.0 SP1

VPN Allow Password Save IT policy rule

Description

This rule specifies whether a BlackBerry® device user can save a VPN password on a BlackBerry device.

Possible values

  • Yes
  • No

Default value

  • Yes

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Disable Prompt for Credentials Re-Entry IT policy rule

Description

This rule specifies whether a BlackBerry® device turns off the prompt for a BlackBerry device user to type the VPN credentials after the user tries to authenticate to the VPN server but is not successful.

Possible values

  • Yes
  • No

Default value

  • No

Minimum requirements

  • BlackBerry® Device Software 4.2.1

Rule introduction

  • BlackBerry® Enterprise Server 4.1 SP3

VPN DNS Configuration IT policy rule

Description

This rule specifies your organization's VPN DNS configuration.

Related rules

The Enable VPN IT policy rule affects this rule. You must configure the Enable VPN IT policy rule to Yes so that a BlackBerry® device can use this rule.

Possible values

  • Yes
  • No

Default value

  • Yes

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Domain Name IT policy rule

Description

This rule specifies the suffix for your organization's domain name using the FQDN format.

Related rules

The Enable VPN IT policy rule affects this rule. You must configure the Enable VPN IT policy rule to Yes so that a BlackBerry® device can use this rule.

The VPN DNS Configuration IT policy rule affects this rule. You must configure the VPN DNS Configuration IT policy rule to No so that a device can use this rule.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Gateway Address IT policy rule

Description

This rule specifies the IP address or FQDN of your organization's VPN server.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Group Name IT policy rule

Description

This rule specifies the group name of your organization's VPN server. Specify the group name of your organization's VPN server only if the VPN client requires it.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Group Password IT policy rule

Description

This rule specifies the group password for your organization's VPN server. Specify the group password for your organization's VPN server only if the VPN client requires it.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN IKE Cipher IT policy rule

Description

This rule specifies the encryption algorithm that a BlackBerry® device uses to authenticate the IKE exchanges. Change the value only if the encryption algorithm does not support AES-128.

Possible values

  • DES
  • 3DES
  • AES128
  • AES192
  • AES256

Default value

  • AES128

Minimum requirements

  • BlackBerry® Device Software 4.0.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN IKE DH Group IT policy rule

Description

This rule specifies the DH group that a BlackBerry® device uses to generate key material. Change the value only if the DH group does not use ECC.

Related rules

The Enable VPN IT policy rule affects this rule. You must configure the Enable VPN IT policy rule to Yes so that a device can use this rule.

Possible values

  • Group 1
  • Group 2
  • Group 5
  • Group 7
  • Group 9

Default value

  • Group 7

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN IKE Hash IT policy rule

Description

This rule specifies the keyed-hash method authentication code that a BlackBerry® device can use. Change the value only if the hash method authentication code does not support SHA-1 160 bits.

Possible values

  • MD-5 128 bits
  • SHA-1 160 bits

Default value

  • SHA-1 160 bits

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN IPSec Cipher and Hash IT policy rule

Description

This rule specifies the encryption algorithm and hash that a BlackBerry® device uses for IPSec Security Associations. Change the value only if the IPSec cipher and hash are not AES-128 and SHA-1.

Possible values

  • MD5 Hash with No Cipher
  • SHA1 Hash with no Cipher
  • No Hash with DES Cipher
  • MD5 Hash and DES Cipher
  • SHA1 Hash and DES Cipher
  • No Hash and 3DES Cipher
  • MD5 Hash and 3DES Cipher
  • SHA1 Hash and 3DES Cipher
  • No Hash and AES128 Cipher
  • MD5 Hash and AES128 Cipher
  • SHA1 Hash and AES128 Cipher
  • No Hash and AES192 Cipher
  • MD5 Hash and AES192 Cipher
  • SHA1 Hash and AES192 Cipher
  • No Hash and AES256 Cipher
  • MD5 Hash and AES256 Cipher
  • SHA1 Hash and AES256 Cipher

Default value

  • SHA1 Hash and AES128 Cipher

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Minimal Certificate Encryption Key Security Level IT policy rule

Description

This rule specifies the minimum security level for private keys that a BlackBerry® device uses for authentication methods that require client certificates.

Possible values

  • High security
  • Medium security
  • Low security

Default value

  • Low security

Minimum requirements

  • BlackBerry® Device Software 4.2.2

Rule introduction

  • BlackBerry® Enterprise Server 4.1 SP4

VPN NAT Keep Alive IT policy rule

Description

This rule specifies the NAT keep-alive frequency. Specify the interval that must elapse before a BlackBerry® device sends a keep-alive packet to the VPN concentrator to maintain the connection to the VPN concentrator.

Possible values

  • 1 to 1439 minutes

Default value

  • 1 minute

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Password Hidden on Input IT policy rule

Description

This rule specifies whether a BlackBerry® device displays asterisks (*) instead of characters when a BlackBerry device user types a VPN password.

Possible values

  • Yes
  • No

Default value

  • No

Minimum requirements

  • BlackBerry® Device Software 4.2.1

Rule introduction

  • BlackBerry® Enterprise Server 4.1 SP3

VPN PFS IT policy rule

Description

This rule specifies whether Perfect Forward Secrecy is turned on for a BlackBerry® device. Change the value only if your organization does not support Perfect Forward Secrecy.

Possible values

  • Yes
  • No

Default value

  • Yes

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Primary DNS IT policy rule

Description

This rule specifies the static setting for the IP address of your organization's primary DNS server.

Related rules

The Enable VPN IT policy rule affects this rule. You must change the Enable VPN IT policy rule to Yes so that a BlackBerry® device can use this rule.

The VPN DNS Configuration IT policy rule affects this rule. You must change the VPN DNS Configuration IT policy rule to No so that the device can use this rule.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Secondary DNS IT policy rule

Description

This rule specifies the static setting for the IP address of your organization's secondary DNS server.

Related rules

The Enable VPN IT policy rule affects this rule. You must change the Enable VPN IT policy rule to Yes so that a BlackBerry® device can use this rule.

The VPN DNS Configuration IT policy rule affects this rule. You must change the VPN DNS Configuration IT policy rule to No so that the device can use this rule.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN User Name IT policy rule

Description

This rule specifies the default user name that a BlackBerry® device uses to log in to your organization's VPN server. Specify a value for this rule if you want to configure a default user name for all user accounts. If a BlackBerry device user types a user name on a device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the device, verify that the updated rule uses the same value as this rule.

Related rules

The Enable VPN IT policy rule affects this rule. You must change the Enable VPN IT policy rule to Yes so that a device can use this rule.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN User Password IT policy rule

Description

This rule specifies the default password that a BlackBerry® device uses to log in to your organization's VPN server. Specify a value for this rule if you want to configure a default password for all user accounts. If a BlackBerry device user types a password on a device manually, IT policy updates overwrite or delete the value that the user typed. To retain the value on the device, verify that the updated rule uses the same value as this rule.

Related rules

The Enable VPN IT policy rule affects this rule. You must change the Enable VPN IT policy rule to Yes so that a device can use this rule.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Vendor Type IT policy rule

Description

This rule specifies the type of VPN client that the VPN client on a BlackBerry® device emulates.

Related rules

The Enable VPN IT policy rule affects this rule. You must change the Enable VPN IT policy rule to Yes so that a device can use this rule.

Possible values

  • Alcatel 7130 Secure VPN Gateway Family
  • Avaya VSU(TM) Series
  • Check Point(TM) Software Technologies VPN-1
  • Cisco VPN Concentrator 3000 Series
  • Cisco Secure PIX Firewall VPN
  • Cisco IOS with Easy VPN Server
  • Cosine IPX VPN Gateway
  • Cylink Nethawk
  • Intel(R) Netstructure(TM) 3100 Series
  • Lucent Firewall Brick Family
  • Netscreen Systems
  • Nortel Networks Contivity VPN Switch Series
  • ReefEdge Connect Server
  • Secure Computing Sidewinder(TM) Firewall
  • Symantec Raptor Firewall and PowerVPN

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1

VPN Xauth Type IT policy rule

Description

This rule specifies the type of BlackBerry® device user authentication that your organization's VPN server uses.

Related rules

The Enable VPN IT policy rule affects this rule. You must change the Enable VPN IT policy rule to Yes so that a BlackBerry device can use this rule.

Possible values

  • User name and password required
  • SecurID required

Default value

  • User name and password required

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP1
Next topic: Wi-Fi policy group

Was this information helpful? Send us your comments.