- Cylance Endpoint Security requirements
- Requirements: Cylance console
- Requirements: CylancePROTECT Desktop
- Requirements: CylanceOPTICS
- Requirements: CylancePROTECT Mobile app
- Requirements: BlackBerry Connectivity Node
- Requirements: CylanceGATEWAY Connector
- Requirements: CylanceGATEWAY agents
- Requirements: CylanceAVERT
- Cylance Endpoint Security network requirements
- Cylance Endpoint Security proxy requirements
- Logging in to the management console
- Configuring a new Cylance Endpoint Security tenant
- Installing the BlackBerry Connectivity Node
- Linking to your company directory
- Setting up administrators
- Adding users and devices
- Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Setting up CylancePROTECT Desktop
- Testing your CylancePROTECT Desktop deployment
- Using device policies to manage CylancePROTECT Desktop devices
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Require users to provide a password to remove the CylancePROTECT Desktop and CylanceOPTICS agents
- Setting up CylancePROTECT Mobile
- Setting up CylanceOPTICS
- Setting up CylanceGATEWAY
- Defining your private network
- Setting up the CylanceGATEWAY Connector
- Install the CylanceGATEWAY Connector to a vSphere environment
- Install the CylanceGATEWAY Connector to an ESXi environment
- Prerequisites to install CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Hyper-V environment
- Install the CylanceGATEWAY Connector to an AWS environment
- Configure the CylanceGATEWAY Connector in the VM environment
- Access the CylanceGATEWAY Connector using OpenSSH
- Configure your firewall for the CylanceGATEWAY Connector
- Enroll the CylanceGATEWAY Connector with the BlackBerry Infrastructure
- View details for an enrolled CylanceGATEWAY Connector
- Configure the CylanceGATEWAY Connector
- Managing CylanceGATEWAY Connectors
- Manage CylanceGATEWAY Connectors
- Update a CylanceGATEWAY Connector
- UDP connectivity test responses
- Specify your private network
- Specify your private DNS
- Specify your DNS suffixes
- Specify private CylanceGATEWAY agent IP ranges
- Bring your own IP addresses (BYOIP)
- Setting up the CylanceGATEWAY Connector
- Network Address Translation with CylanceGATEWAY
- Define network services
- Controlling network access
- Configuring network protection
- Searching ACL rules and Network Services
- Using source IP pinning
- Configuring the Gateway service options
- Gateway Service policy parameters
- Configure Gateway service options
- Specifying how devices activated with an EMM solution use the CylanceGATEWAY tunnel
- Specify which apps use CylanceGATEWAY on iOS devices
- Specify which apps use CylanceGATEWAY on iOS devices in a Microsoft Intune environment
- Specify CylanceGATEWAY options on Android Enterprise devices
- Specify CylanceGATEWAY options on Chromebook devices
- Specify CylanceGATEWAY options on Android Enterprise devices in your Microsoft Intune environment
- Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed
- Installing the CylanceGATEWAY agent
- Defining your private network
- Setting up CylanceAVERT
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Connecting Cylance Endpoint Security to external services
- Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
- Appendix: Using RMM solutions to install the Cylance agents on devices
- BlackBerry Docs
- Cylance Endpoint Security
- Setup
- Cylance Endpoint Security Setup Guide
- Setting up CylanceGATEWAY
- Configuring the Gateway service options
- Specifying how devices activated with an EMM solution use the CylanceGATEWAY tunnel
- Specify which apps use CylanceGATEWAY on iOS devices
Specify which apps use CylanceGATEWAY on iOS devices
CylanceGATEWAY
on iOS
devicesFor
iOS
devices, if your organization manages devices using an EMM solution that supports configuring per-app VPN, you can configure devices to recognize CylanceGATEWAY
as a VPN provider and configure per-app VPN to specify which apps send data through the CylanceGATEWAY
tunnel.To set up per-app tunnel options, you must have permissions for VPN management and app management on
iOS
devices activated using your EMM solution. To specify which apps use the CylanceGATEWAY
tunnel in BlackBerry UEM
perform the following steps:- In theUEMmanagement console, add the apps that you want to send data throughCylanceGATEWAYtoUEMand assign them to users.Only apps that are assigned to users use theCylanceGATEWAYtunnel. Do not assign the default browser or theCylancePROTECT Mobileapp to users or the device will be unable to establish a tunnel withCylanceGATEWAY.For devices with the "User privacy" and "User privacy - User enrollment" activation types, only assigned internal apps and apps licensed through theAppleVolume Purchase Program use the tunnel.
- Create an activation profile that assigns one of the following activation types:
- MDM controls
- User privacy - User enrollment
- User privacywith VPN management and app management enabled
- Create a VPN profile and include the following settings:SettingDescriptionConnection typeCustomVPN bundle IDcom.blackberry.protectServerThis setting specifies the FQDN or IP address of a VPN server. The value must be 127.0.0.1.Authentication typePasswordPasswordLeave this field blankEnable per-app VPNSelectedDomain settingsSpecify the domains that can establish a connection through theCylanceGATEWAYtunnel. If you specify a domain, assigned apps use the tunnel only for connections to the specified domain. You can specify domains forSafari, Calendar, Contacts, Mail, and domains listed in the apple-app-site-association file. You can also specify domains that never use the tunnel.For devices with the "User privacy" and "User privacy - User enrollment" activation types, if you specify a domain that is not a child of the root domain specified in theServerfield, the device ignores the entire VPN profile, not just the invalid domain.Allow apps to connect automaticallySelect this option to specify that the app can start the connection automatically.Connections through theCylanceGATEWAYtunnel can start only ifCylanceGATEWAYis enabled in theCylancePROTECT Mobileapp on the device.Traffic tunnelingIP layer
- Assign profiles to users and instruct them to activate devices.