Skip Navigation

Controlling network access

You define the network resources that devices enrolled with
BlackBerry Gateway
can connect to using a network access control policy. The network access control policy defines allowed and blocked destinations on private and public networks. You can also use the network access control policy to enable split-tunneling, which allows traffic to trusted public Internet sites to route directly rather than through
BlackBerry Gateway
.
When you create a network access control policy, you specify blocked and allowed network connections. For addresses that are part of your private network, all connections are blocked unless you add the address to the allowed list. For destinations that are not part of your private network, all connections are allowed unless you add the address to the blocked list or
BlackBerry
has determined that the destination is malicious. If you add a public destination to the allowed list, connections are always allowed, even if
BlackBerry
considers the destination to be unsafe.
If you enable split tunneling, traffic to public destinations can be routed directly to the destination rather than through the tunnel to
BlackBerry Gateway
. If you have enabled source IP pinning for
BlackBerry Gateway
, do not enable split tunneling for any destinations that use source IP pinning.