- Configuring a new Cylance Endpoint Security tenant
- Cylance Endpoint Security requirements
- Requirements: Cylance console
- Requirements: CylancePROTECT Desktop
- Requirements: CylanceOPTICS
- Requirements: CylancePROTECT Mobile app
- Requirements: BlackBerry Connectivity Node
- Requirements: CylanceGATEWAY Connector
- Requirements: CylanceGATEWAY agents
- Requirements: CylanceAVERT
- Cylance Endpoint Security network requirements
- Cylance Endpoint Security proxy requirements
- Accessing the management console and configuring authentication
- Setting up administrators
- Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Setting up CylancePROTECT Desktop
- Testing your CylancePROTECT Desktop deployment
- Create and manage a device policy
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Require users to provide a password to remove the CylancePROTECT Desktop and CylanceOPTICS agents
- Setting up CylanceOPTICS
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
- Using RMM solutions to install the Cylance agents on devices
- Installing the BlackBerry Connectivity Node
- Linking to your company directory
- Adding users and devices
- Setting up CylancePROTECT Mobile
- Setting up CylanceGATEWAY
- Defining your private network
- Setting up the CylanceGATEWAY Connector
- Install the CylanceGATEWAY Connector to a vSphere environment
- Install the CylanceGATEWAY Connector to an ESXi environment
- Prerequisites to install CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Hyper-V environment
- Install the CylanceGATEWAY Connector to an AWS environment
- Configure the CylanceGATEWAY Connector in the VM environment
- Access the CylanceGATEWAY Connector using OpenSSH
- Configure your firewall for the CylanceGATEWAY Connector
- Enroll the CylanceGATEWAY Connector with the BlackBerry Infrastructure
- View details for an enrolled CylanceGATEWAY Connector
- Configure the CylanceGATEWAY Connector
- Managing CylanceGATEWAY Connectors
- Manage CylanceGATEWAY Connectors
- Update a CylanceGATEWAY Connector
- UDP connectivity test responses
- Specify your private network
- Specify your private DNS
- Specify your DNS suffixes
- Specify private CylanceGATEWAY agent IP ranges
- Bring your own IP addresses (BYOIP)
- Setting up the CylanceGATEWAY Connector
- Network Address Translation with CylanceGATEWAY
- Define network services
- Controlling network access
- Configuring network protection
- Searching ACL rules and Network Services
- Using source IP pinning
- Configuring the Gateway service options
- Gateway Service policy parameters
- Configure Gateway service options
- Specifying how devices activated with an EMM solution use the CylanceGATEWAY tunnel
- Specify which apps use CylanceGATEWAY on iOS devices
- Specify which apps use CylanceGATEWAY on iOS devices in a Microsoft Intune environment
- Specify CylanceGATEWAY options on Android Enterprise devices
- Specify CylanceGATEWAY options on Chromebook devices
- Specify CylanceGATEWAY options on Android Enterprise devices in your Microsoft Intune environment
- Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed
- Installing the CylanceGATEWAY agent
- Defining your private network
- Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Setting up CylanceAVERT
- Connecting Cylance Endpoint Security to external services
- BlackBerry Docs
- Cylance Endpoint Security
- Cylance Endpoint Security
- Cylance Endpoint Security Setup Guide
- Setting up CylanceGATEWAY
- Defining your private network
Defining your private network
To use
CylanceGATEWAY
to control access to your private networks, you need to define your private networks. When you define your private networks, you can configure CylanceGATEWAY
to apply the most restrictive privilege and micro-segmentation when users access your network resources. CylanceGATEWAY
supports access to more than one private network (for example, segments, data centers, and VPCs) both in on-premises and cloud environments. CylanceGATEWAY
blocks users from connecting to any location in your private network unless the user is assigned an access control list (ACL) rule that allows the connection.You define your private networks by adding a connector group for each private network that you want users to be able to access resources on. If your
CylanceGATEWAY
service was enabled before July 2023 and included one or more CylanceGATEWAY Connectors
, all of your existing connectors have moved to the "Default Connector Group". You can rename the default connector group or add additional groups and assign the connectors as required. Each tenant supports a maximum of eight connector groups.
Connector groups consist of the following:
- The IP addresses, IP address ranges, and CIDR notation that you specify for each group.CylanceGATEWAY Connectorsrecognize these addresses as a part of one of your private networks.
- The health check URL. This is unique to the group and is used by eachCylanceGATEWAY Connectorin the group to confirm connectivity to your private network.
- The IP restrictions that you may specify to have Gateway accept connections only from connectors at the specified IP addresses.
To establish a secure tunnel between users' devices and your private networks, you must install one or more
CylanceGATEWAY Connectors
and assign them to a group. Each connector group supports a maximum of eight
CylanceGATEWAY Connectors
.You can also specify the addresses of your private DNS servers and the private DNS suffixes used for searches. The DNS settings apply to all group connectors in your environment and must be added to one group.
In environments that contain multiple groups with similar destination IP addresses or address ranges, data flow is directed, in order, to the connector groups listed until the IP address is matched to a connector group. The connector group that includes the matching IP address is then used to route the connection to the destination to access resources.