

External MDM Gateway for Wi-Fi

10/3/2008

For this topology, the managed device accesses the Mobile Device Manager (MDM) Gateway Server in the perimeter network to use MDM. The MDM Gateway depicted in this scenario may be used for both cellular and Wi-Fi communication for a managed device.

Note

It is assumed that MDM is deployed and operational in your network before proceeding with the setup guidelines offered in this section. For information on how to enable and configure Wi-Fi on your Windows Mobile device, see Windows Mobile Powered Device Wi-Fi Configuration.

Topology benefits include the following:

  • An architecture that requires a minimal amount of configuration and modification to your current MDM deployment.
  • The ability to share infrastructure that supports both internal and external managed devices.

[Figure: External MDM Gateway for Wi-Fi topology diagram]

The numbers in the above illustration highlight the following:

  1. The MDM managed device uses an internal wireless access point to reach the external network interface of MDM Gateway Server in the perimeter network. The VPN client is enabled on the managed device.

    Note

    The managed device should already be configured with the external DNS name of your MDM Gateway Server. For more information on configuration and setup of MDM Gateway Server, see MDM Deployment Guide and MDM Planning Guide.

  2. MDM Gateway Server passes network traffic from the managed device to MDM Device Management Server. This process is the same as for a device communicating with MDM Gateway Server from outside your network. If you are using a web proxy in the perimeter network to route mobile device traffic back out to the Internet, no modifications are required. Alternatively, you can use a tunnel default gateway, which routes all mobile device traffic to the Internet.

  3. If the internal firewall does not allow IPsec traffic to pass through bi-directionally, you must open UDP ports 500 and 4500 on the internal firewall, both inbound and outbound. If the traffic is not NAT-based, you must also open IP protocol 50 (IPsec ESP).
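The following added example (not code from the original article or from the MDM product) shows one way to audit an internal firewall's rule set against step 3. It assumes a hypothetical, simplified rule model (`Rule`, `parse_rules`, `audit_internal_firewall` are all names invented here) and a constructed rule export; the point it demonstrates is that the ESP (IP protocol 50) requirement depends on whether the device traffic is NAT-based, so an audit has to take that into account rather than checking the two UDP ports alone.

```python
from dataclasses import dataclass
from typing import Optional

# IPsec traffic on the MDM Gateway Server -> Device Management Server path:
# IKE negotiation on UDP 500, NAT traversal on UDP 4500, and raw ESP as
# IP protocol 50 when the traffic is not NAT-based.
IKE_PORT = 500
NAT_T_PORT = 4500
ESP_PROTOCOL = 50


@dataclass(frozen=True)
class Rule:
    """One allow rule on the internal firewall (hypothetical, simplified model)."""
    protocol: str            # "udp" or "esp"
    port: Optional[int]      # UDP port, None for ESP (which has no ports)
    direction: str           # "inbound" or "outbound"


def required_rules(nat_traversal: bool) -> set:
    """Rules the internal firewall needs for the MDM Gateway Server path.

    Both directions must be open. ESP is only needed when the device traffic
    is not NAT-based; with NAT, ESP is carried inside UDP 4500.
    """
    needed = set()
    for direction in ("inbound", "outbound"):
        needed.add(Rule("udp", IKE_PORT, direction))
        needed.add(Rule("udp", NAT_T_PORT, direction))
        if not nat_traversal:
            needed.add(Rule("esp", None, direction))
    return needed


def audit_internal_firewall(configured: set, nat_traversal: bool) -> set:
    """Return the required rules that are missing from the configured set."""
    return required_rules(nat_traversal) - configured


def parse_rules(text: str) -> set:
    """Parse a constructed listing with one rule per line: '<proto> <port|-> <direction>'.

    Lines that are empty or start with '#' are ignored. This format is an
    assumption made for the example, not any vendor's export format.
    """
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, port, direction = line.split()
        rules.add(Rule(proto.lower(),
                       None if port == "-" else int(port),
                       direction.lower()))
    return rules


# Constructed sample export: an admin opened only the two UDP ports.
SAMPLE_EXPORT = """
# proto port direction
udp 500  inbound
udp 500  outbound
udp 4500 inbound
udp 4500 outbound
"""


def describe(rule: Rule) -> str:
    """Human-readable form of a rule for the report."""
    if rule.protocol == "esp":
        return f"IP protocol {ESP_PROTOCOL} (IPsec ESP) {rule.direction}"
    return f"{rule.protocol.upper()} {rule.port} {rule.direction}"


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_EXPORT)
    for nat in (True, False):
        gaps = audit_internal_firewall(rules, nat_traversal=nat)
        label = "NAT-based traffic" if nat else "non-NAT traffic"
        if gaps:
            print(f"{label}: missing " + ", ".join(sorted(describe(g) for g in gaps)))
        else:
            print(f"{label}: internal firewall rules are complete")
```

Running the block reports the sample export as complete for NAT-based traffic but missing ESP in both directions for non-NAT traffic, which is the case step 3 calls out.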