Configuring NAT Settings

Because users are mobile, the Mobile Device Manager Plus Server should be reachable via a public IP address so that devices in the LAN and on the internet can be managed at all times. There are two approaches to configuring the NAT settings, explained below:

Exposing Mobile Device Manager Plus Server to the Internet:

The Mobile Device Manager Plus Server should be reachable via a public IP address. You can configure the NAT settings so that all requests sent to the public IP address are redirected to the Mobile Device Manager Plus Server.

For devices within the LAN

If you use the same DNS name for both the public and private IP addresses, all requests from within the LAN are resolved by the internal DNS to the private IP address and are not routed through the public IP address.

For devices on the Internet

Devices on the internet use the DNS name to reach the public IP address, from where requests are directed to the private IP address.

It is recommended to use an FQDN instead of an IP address. You can also use self-signed or third-party certificates to ensure data security. Since certificates encrypt the communication sent to and from the server, corporate data remains secure on the internet. When you use a third-party certificate, the server is recognized by its FQDN. To know more about using third party certificates, refer to this.

Exposing ManageEngine Secure Gateway to the Internet:

This section explains how to manage mobile devices without exposing the Mobile Device Manager Plus Server directly to the internet. This is achieved with a Secure Gateway, which keeps the Mobile Device Manager Plus Server secure from risks, threats and attacks. ManageEngine Secure Gateway is the component that is exposed to the internet; it acts as an intermediary between the managed mobile devices and the Mobile Device Manager Plus server. If the MDM server has been set up in a De-Militarized Zone (DMZ), the Secure Gateway need not be configured, as an MDM server in the DMZ is most secure.

The Mobile Device Manager Plus server communicates with APNs/FCM/WNS to wake the mobile device. All communication from the mobile device is routed through the Secure Gateway: when the device tries to contact the Mobile Device Manager Plus server, the Secure Gateway receives the connection and redirects it to the Mobile Device Manager Plus Server.

Configure NAT settings to locate the Mobile Device Manager Plus Server

To configure NAT Settings, follow the steps below:

  1. (If you're using MDM in Desktop Central) Navigate to NAT under the Settings dropdown in the left pane.
  2. (If you're using MDM On-Premises) On the web console, select the Admin tab.
  3. Click NAT Settings under Settings in the left pane.
  4. The details of the Mobile Device Manager Plus Server and the ports are pre-filled based on your current setup.
  5. Provide the public IP and the ports of the Secure Gateway and click Save.

You have now successfully set up Mobile Device Manager Plus to manage mobile devices. Once the setup is ready, to manage iOS devices you have to create an APNs certificate and upload it to the Mobile Device Manager Plus server. Refer to the port details for iOS, Android and Windows devices.

We have made your job simpler!

Learn how to set up Secure Gateway in 3 minutes through this demo video.

Setting Up Secure Gateway

Setting up Secure Gateway involves the following steps:

Configuring Secure Gateway

  1. Download the Secure Gateway setup file here
  2. Double click the setup file to start the installation process
  3. Enter the Mobile Device Manager Plus Server Name, HTTP and HTTPS Port numbers when prompted, and click Next.
    1. Mobile Device Manager Plus Server Name : Specify the FQDN/DNS/IP address of the Mobile Device Manager Plus server
    2. HTTP Port : The port number that the Secure Gateway uses to contact the Mobile Device Manager Plus server (e.g. 9020)
    3. HTTPS Port : The port number that the mobile devices use to contact the Mobile Device Manager Plus server (e.g. 9383; it is recommended to use the same port, 9383 (HTTPS), as the Mobile Device Manager Plus Server in secured mode)

Minimum Hardware requirements for Secure Gateway

Installing the Certificates

Mobile Device Manager Plus automatically syncs the required certificates for the Secure Gateway. In case the sync fails, admins can also manually install the required certificates. Follow the steps given below to manually install the certificates.

  1. If you are using a self-signed certificate: copy the server.crt and server.key files present in ManageEngine\MDMServer\apache\conf and paste them into the folder ManageEngine\ME_Secure_Gateway_Server\nginx\conf on the machine where Secure Gateway is installed.
  2. If you are using a third-party certificate, follow the steps mentioned below:
    1. The third-party server certificate has to be renamed as server.crt
    2. The private key has to be renamed as server.key
    3. If you are using an intermediate certificate, rename the file as intermediate.crt
    4. Copy server.crt, server.key and the intermediate certificate and paste them in the location where the Secure Gateway has been installed - ManageEngine\ME_Secure_Gateway_Server\nginx\conf
    5. Navigate to ManageEngine\ME_Secure_Gateway_Server\conf\websetting.conf and add the line: intermediate.certificate=intermediate.crt

  You have successfully copied the certificates. Click Install to complete the installation process.

Verifying Secure Gateway

Secure Gateway will start automatically. You can verify this by running services.msc on the same machine and checking that ManageEngine Secure Gateway has started. You have successfully configured the Secure Gateway.
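
services.msc only confirms that the service is running. The following PowerShell script is an added example, not ManageEngine tooling: run from a client machine, it reports which certificate the gateway presents on its HTTPS port and whether that certificate covers the FQDN and chains to a trusted root. `$GatewayFqdn` is an assumed parameter for the DNS name your devices use.

```powershell
# Added example. $GatewayFqdn is an assumption: the DNS name enrolled devices use to reach the gateway.
param(
    [Parameter(Mandatory)] [string] $GatewayFqdn,
    [int] $Port = 9383
)

$script:seen = $null
# Diagnostic only: record what validation found, then accept so the handshake completes and can be reported.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($source, $certificate, $chain, $policyErrors)
    $script:seen = [pscustomobject]@{
        Subject      = $certificate.Subject
        Issuer       = $certificate.Issuer
        NotAfter     = ([System.Security.Cryptography.X509Certificates.X509Certificate2]$certificate).NotAfter
        ChainLength  = $chain.ChainElements.Count
        PolicyErrors = $policyErrors
    }
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($GatewayFqdn, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # The name passed here is the name the certificate is checked against.
    try     { $ssl.AuthenticateAsClient($GatewayFqdn) }
    finally { $ssl.Dispose() }
}
finally { $tcp.Close() }

$script:seen | Format-List
$flags = [System.Net.Security.SslPolicyErrors]
if ($script:seen.PolicyErrors -band $flags::RemoteCertificateNameMismatch) {
    Write-Warning "Certificate does not cover $GatewayFqdn"
}
if ($script:seen.PolicyErrors -band $flags::RemoteCertificateChainErrors) {
    Write-Warning 'Chain not trusted from this machine: self-signed certificate or missing intermediate'
}
if ($script:seen.PolicyErrors -eq $flags::None) {
    "Certificate is valid for $GatewayFqdn and chains to a trusted root"
}
```

A chain warning is expected with the self-signed certificate; with a third-party certificate it usually points at intermediate.crt or the websetting.conf entry.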

Troubleshooting Tips

  1. Verify if the certificates are copied to the specified location correctly

  2. Ensure that Port # 9383 is not used by some other service/process

  3. Ensure that you use “Run As Administrator” and have necessary permissions to install the service.
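
The three tips above can be checked in one pass on the gateway machine. This PowerShell script is an added example, not part of the product: `$InstallRoot` is an assumed parameter for the folder that contains `ManageEngine\`, and the service is matched on the display name given in the verification step.

```powershell
# Added example. $InstallRoot is an assumption: the folder that contains ManageEngine\ on this host.
param(
    [Parameter(Mandatory)] [string] $InstallRoot,
    [int] $HttpsPort = 9383
)

$gw     = Join-Path $InstallRoot 'ManageEngine\ME_Secure_Gateway_Server'
$conf   = Join-Path $gw 'nginx\conf'
$report = [ordered]@{}

# Tip 1: certificate files copied to nginx\conf
foreach ($name in 'server.crt', 'server.key') {
    $report["$name present"] = Test-Path -LiteralPath (Join-Path $conf $name) -PathType Leaf
}

# If server.crt parses, report its subject and whether today falls inside its validity window
if ($report['server.crt present']) {
    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (Join-Path $conf 'server.crt')
        $report['certificate subject'] = $cert.Subject
        $report['certificate in date'] = ((Get-Date) -ge $cert.NotBefore -and (Get-Date) -le $cert.NotAfter)
    } catch { $report['certificate subject'] = "unreadable: $($_.Exception.Message)" }
}

# Third-party chain: when intermediate.crt is present, websetting.conf must reference it
if (Test-Path -LiteralPath (Join-Path $conf 'intermediate.crt')) {
    $pattern = '^\s*intermediate\.certificate\s*=\s*intermediate\.crt\s*$'
    $found   = Select-String -LiteralPath (Join-Path $gw 'conf\websetting.conf') -Pattern $pattern -Quiet -ErrorAction SilentlyContinue
    $report['websetting.conf references intermediate.crt'] = [bool]$found
}

# Tip 2: which process, if any, is listening on the HTTPS port
$owners = Get-NetTCPConnection -LocalPort $HttpsPort -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } |
    Sort-Object -Unique
$report["port $HttpsPort listeners"] = if ($owners) { $owners -join ', ' } else { 'none' }

# Service state, matched on the display name shown in services.msc (taken from the step above)
$svc = Get-Service -DisplayName 'ManageEngine Secure Gateway*' -ErrorAction SilentlyContinue
$report['service status'] = if ($svc) { ($svc | ForEach-Object { $_.Status }) -join ', ' } else { 'not found' }

# Tip 3: installing the service needs an elevated session
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$report['running elevated'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]$report | Format-List
```

Once the gateway is running it is itself the listener on the HTTPS port; the conflict to look for is any other process name on that line.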

Removing Secure Gateway

Uninstalling Secure Gateway involves the following steps:

Troubleshooting Tips


See Also: Configuring Proxy Server, Configuring Mail Server, Configuring Server Settings, Configuring Remote DB Access, Importing SSL Certificates, User Administration, Personalize, Data Backup and Restore
Copyright © 2019, ZOHO Corp. All Rights Reserved.