Configuring Application Firewall on Android Enterprise Work Managed Devices

Before you begin

You must have:
  • SOTI MobiControl Manage Profiles permissions to modify firewall settings. See General Permissions.
  • Android Enterprise devices running Android OS 11 or later and SOTI MobiControl plugin version 1.28.0 or later.

About this task

Use the Android Enterprise firewall payload to create application-based firewall rules on Android Enterprise Work Managed devices. Configure rules to allow or block traffic based on applications and network type.
Tip: To enable Samsung IP Firewall for traffic filtering and rerouting, toggle on the Samsung IP Firewall option in the Work Managed firewall profile payload. See Configuring Samsung IP-Based Firewall on Android Devices for details.
Toggling on Samsung IP Firewall in the Work Managed firewall profile payload to configure advanced network traffic filtering and rerouting.

Procedure

  1. From the main menu on the SOTI MobiControl web console, navigate to the Profiles section.
  2. Select an existing profile to edit it or create a new one for Android Classic or Android Enterprise COPE. See Creating a Profile and Editing a Profile.
  3. Under the Restrictions category, select Firewall.
    Selecting the Firewall configuration in an Android Enterprise Work Managed profile.
  4. Choose a Rule Type.
    • Allow: Blocks all network traffic except for specified applications.
    • Block: Restricts network traffic for specified applications.
  5. Select (Add) under the Allowed/Blocked Applications section.
  6. Select (Add) in the Add an Application Name or Bundle Identifier section and enter the following details:
    Adding an application in the Allowed Applications list.
    Tip: Select to bulk import a list of applications from a CSV/ text file.
    1. Application Name: Search for and select the application.
    2. Bundle Identifier: Enter the app’s bundle ID.
    3. Select Save to apply the network restrictions.

  7. Choose a network type in the Networks section.
    • Wi-Fi: Allows/blocks app traffic over Wi-Fi.
    • Cellular: Allows/blocks app traffic over cellular.
    • Wi-Fi & Cellular: Applies restrictions to both networks.
    Select (Add) in the Wi-Fi SSIDs section to specify the network SSID(s).
  8. Select Okay, then select Save to save the firewall configuration.
  9. Assign the profile to your Android Enterprise Work Managed devices to apply the configured application settings. See Assigning a Profile.

What to do next

Verify the firewall rules by testing network access on a device.