Configuring Samsung IP-Based Firewall on Android Devices

Before you begin

You must have:
  • SOTI MobiControl Manage Profiles permissions to modify firewall settings. See General Permissions.

  • A Samsung device enrolled as Android Classic or Android Enterprise COPE.

About this task

Use the Samsung IP-based firewall to control network traffic on Android Classic and Android Enterprise Corporate Owned Personal Enabled (COPE) devices. Configure filter and reroute rules to allow, block, or redirect traffic based on parameters like host IP, port number, application, and network type. See Firewall: Vendor Compatibility Matrix for a list of features available by vendor.
The Firewall configuration for Android Classic and Android Enterprise COPE devices.
Tip: To enable Samsung IP Firewall on Android Enterprise Work Managed devices, toggle on the option in your Work Managed firewall profile payload. For details on the Android Enterprise Work Managed Firewall configuration, see Configuring Application Firewall on Android Enterprise Work Managed Devices.
Toggling on Samsung IP Firewall in the Work Managed firewall profile payload to configure advanced network traffic filtering and rerouting.

Procedure

  1. From the main menu on the SOTI MobiControl web console, navigate to the Profiles section.
  2. Select an existing profile to edit it or create a new one for Android Classic or Android Enterprise COPE. See Creating a Profile and Editing a Profile.
  3. Under the Restrictions category, select Firewall.
    Selecting the Firewall configuration in an Android Enterprise COPE profile.
  4. Add traffic filtering rules and/ or rerouting rules as required. See Configuring Filter Rules and Configuring Re-route Rules.
  5. Select Save to add the firewall configuration to your profile.
  6. Assign this profile to your Samsung devices to apply the configuration. See Assigning a Profile.

What to do next

Verify the firewall rules by testing network access on a managed device and make sure that traffic is allowed, blocked, or rerouted as configured.

Configuring Filter Rules

About this task

Use the Filter Traffic option to create rules that specify which traffic the device approves or blocks. Create more than one filter rule to customize your network traffic control.

Procedure

  1. In the Filter Traffic section, select (Add).
    Adding a filter rule.
  2. Configure the following parameters:
    1. Rule Type: Select Allow to approve traffic or Deny to block it.
    2. Host IP: Enter the IP address to be approved or blocked.
    3. Port: Specify the port number for the selected Host IP.
    4. Port Location: Indicate where the port is located.
    5. Application: Select an application if configuring a Deny rule (for Allow rules, all applications are selected by default).
    6. Network: Choose the network type associated with the rule.

Configuring Re-route Rules

About this task

Use the Re-route Traffic option to create rules that control how network traffic gets directed from a particular host IP address to a specific proxy IP address. Configure more than one re-route rule to optimize your network traffic flow.

Procedure

  1. In the Filter Traffic section, select (Add).
    Adding a filter rule.
  2. Configure the following parameters:
    1. Host IP: Enter the IP address and port number to be redirected.
    2. Proxy IP: Enter the destination proxy IP address and port number.
    3. Application: Select the applications targeted for rerouting.
    4. Network: Specify the network type associated with this rule.