- Cylance Endpoint Security requirements
- Requirements: Cylance console
- Requirements: CylancePROTECT Desktop
- Requirements: CylanceOPTICS
- Requirements: CylancePROTECT Mobile app
- Requirements: BlackBerry Connectivity Node
- Requirements: CylanceGATEWAY Connector
- Requirements: CylanceGATEWAY agents
- Requirements: CylanceAVERT
- Cylance Endpoint Security network requirements
- Cylance Endpoint Security proxy requirements
- Logging in to the management console
- Configuring a new Cylance Endpoint Security tenant
- Installing the BlackBerry Connectivity Node
- Linking to your company directory
- Setting up administrators
- Adding users and devices
- Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Setting up CylancePROTECT Desktop
- Testing your CylancePROTECT Desktop deployment
- Using device policies to manage CylancePROTECT Desktop devices
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Require users to provide a password to remove the CylancePROTECT Desktop and CylanceOPTICS agents
- Setting up CylancePROTECT Mobile
- Setting up CylanceOPTICS
- Setting up CylanceGATEWAY
- Defining your private network
- Setting up the CylanceGATEWAY Connector
- Install the CylanceGATEWAY Connector to a vSphere environment
- Install the CylanceGATEWAY Connector to an ESXi environment
- Prerequisites to install CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Hyper-V environment
- Install the CylanceGATEWAY Connector to an AWS environment
- Configure the CylanceGATEWAY Connector in the VM environment
- Access the CylanceGATEWAY Connector using OpenSSH
- Configure your firewall for the CylanceGATEWAY Connector
- Enroll the CylanceGATEWAY Connector with the BlackBerry Infrastructure
- View details for an enrolled CylanceGATEWAY Connector
- Configure the CylanceGATEWAY Connector
- Managing CylanceGATEWAY Connectors
- Manage CylanceGATEWAY Connectors
- Update a CylanceGATEWAY Connector
- UDP connectivity test responses
- Specify your private network
- Specify your private DNS
- Specify your DNS suffixes
- Specify private CylanceGATEWAY agent IP ranges
- Bring your own IP addresses (BYOIP)
- Setting up the CylanceGATEWAY Connector
- Network Address Translation with CylanceGATEWAY
- Define network services
- Controlling network access
- Configuring network protection
- Searching ACL rules and Network Services
- Using source IP pinning
- Configuring the Gateway service options
- Gateway Service policy parameters
- Configure Gateway service options
- Specifying how devices activated with an EMM solution use the CylanceGATEWAY tunnel
- Specify which apps use CylanceGATEWAY on iOS devices
- Specify which apps use CylanceGATEWAY on iOS devices in a Microsoft Intune environment
- Specify CylanceGATEWAY options on Android Enterprise devices
- Specify CylanceGATEWAY options on Chromebook devices
- Specify CylanceGATEWAY options on Android Enterprise devices in your Microsoft Intune environment
- Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed
- Installing the CylanceGATEWAY agent
- Defining your private network
- Setting up CylanceAVERT
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Connecting Cylance Endpoint Security to external services
- Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
- Appendix: Using RMM solutions to install the Cylance agents on devices
- BlackBerry Docs
- Cylance Endpoint Security
- Setup
- Cylance Endpoint Security Setup Guide
- Setting up CylanceGATEWAY
- Controlling network access
- Configure the access control list
Configure the access control list
CylanceGATEWAY
evaluates existing connections to a destination every five minutes. On evaluation, CylanceGATEWAY
reapplies the ACL rules, and the established connection might be disconnected, if required. This can occur if, for example, the users' risk level has changed, or the destination reputation has been updated since the connection was established.Ensure that you have defined your private network according to your organization's needs. For instructions, see Define your private network.
- In the management console, on the menu bar, clickSettings > Network.
- Click theAccess Control Listtab.
- If you see a notification that a draft set of rules is in progress, click theDraft Rulestab.If you do not have a draft set of rules in progress, any update you make creates a draft set of rules.
- Perform any of the following actions:
- To search for a rule or drafted rule, click and select one or more predefined scopes, a condition, and specify the criteria. Click the rule that you want to view the settings for. Click to reset the search. For more information on searching, see Searching ACL rules and Network Services.
- To add a new rule to the end of the list, clickAdd Rule.
- To add a new rule above or below an existing rule, click in the row for the existing rule and selectAdd rule aboveorAdd rule below.
- To copy a rule and add it above or below an existing rule, click in the row for the existing rule and selectCopy rule aboveorCopy rule below.
- To edit an existing rule, click the name of the rule.
- To disable a rule, click in the row for the rule.
- To enable a rule, click in the row for the rule.
- To delete a rule, click in the row for the rule and selectDelete rule.
- To change the order of the rules, clickOrderand use the arrows to move rules up or down in the list.
- To add a rule to allow traffic to a blocked malicious destination in the event that users require access (for example, users that perform threat research), clickAdd rulewith the following settings. This rule must be ordered before other rules that allow access to a destination.
- Action: Allow
- Check access attempts against Network Protection check box: Clear the check box.
- Target: Matches any. Add the destination address.
- Users or groups: Matches any. Add the users or groups that require access to the destination.
- If you chose to add or edit a rule, specify the ACL rule parameters and clickSave.
- ClickCommit rulesto apply your changes to the ACL.You can also leave the page and return to the draft rules later. When you commit a draft ACL, all other administrators with a draft rule list are prompted to discard their out-of-date draft.