Skip to main content

Remote Devices

A Remote Device connects through your DrawBridge from "outside" your network -- from the public Internet.

Remote Devices are created by:

  • A DrawBridge Console user: Click the + located in the upper right corner of the Local Devices list view to to create a new Local Device Record.
  • CF Odoo Portal sync: Devices created in the Portal are automatically synchronized either via a triggered sync run (Cloud Servers), or the scheduled sync job.

In the Remote Device list view, select any remote device record by tapping the username shown in the Filter Username column to see an individual device record.

Record View

The individual Remote Device record contains the following parameters:

Parameter About
Company the Company associated with the Device; see the Accounts section for more information
Console User the Person record associated with the Remote Device
Filter Username the unique username this Device uses for authentication; this must either match or begin with the username of the associated Console User/Person
Email the email address of the associated Person record
Status this device record is: Active or Inactive
Canonical ID the global unique identifier for this Remote Device; used for synchronization
Contact CID the global unique identifier of the associated Person record; used for sychronization
Last Active the timestamp of the last filter traffic recorded for this device
Device Type the type of hardware, such as Laptop, Smartphone, Tablet, and so forth

Remote Device Record header Buttons:

  • Add a new Remote Device record with the blue + Create Remote Device button
  • Edit this Remote Device record with the green pencil Update Remote Device button
  • Delete this Remote Device record with the red trashcan Delete Remote Device button
  • Hamburger menu:
    • Update Personal Details: edit the information of the associated Person record
    • Set Console Password: set a DrawBridge Console password for this Remote Device User
    • Add Group Membership: add this Remote Device User to a Console Permission Group (see Informational Tabs: Permissions, below)
    • View Realtime Log Lines: jump to the Realtime Log Viewer, with the data view limited to this device
    • Today's Log Lines: jump to the the Reports module with the device pre-selected in data views
    • Record Activity Stream: view the changelog for this Device record
  • Impersonate User (take on the identity and permissions of this Remote Device user in the DrawBridge; used for troubleshooting)
  • Bookmark this page with the ribbon Bookmark button
  • Sync Menu (chain-link icon)
    • Sync Mode (default is 2 Way - Push / Pull from Server); click record sync information
    • Push to Sync Publisher: initiate a record update push from this DrawBridge to the Sync Server
    • Pull from Sync Publisher: initiate a record update pull to this DrawBridge from the Sync Server
    • Mark to Resync: flag this record in the background to be included in the next sync run
Informational Tabs
  • Authentication: Additional parameters used to identify the device to streamline authentication. See Why do I need to have a Port/Platform/ExternalNetwork set for a Remote Device? in the FAQ below.

    Also displayed are:

    • User URL: a link that can be visited in a browser on the device to authenticate its public IP with the DrawBridge
    • PAC URL: Proxy Auto-Configuration: a spec-compliant URL that can be used by major operating systems to programatically fetch proxy settings
  • Auth Activity: A recent history view of public IP addresses that this device has successfully authenticated from, in addition to the associated reverse-DNS network name, when retreivable.

  • Access Policies: a list of Access Policies that are applied to this device. (see Content Filter for more information on Access Policies) This list is generated based on the membership of the Device in a particular Device Group, a component of an Access Policy. The exact Access Policy can be visited by clicking the link in the list under the Name column, or, you can view all Access Policies for your company by clicking the Access Policies/Access Policy Dashboard button to the right.

  • Permissions: a list of Console Permission Groups that this Remote Device User is a member of. (Permits or does Not Permit the submision of an AutoFix, for example)

Device Group Membership

A remote device is always part of the alldevices Device Group of the associated Company. A remote device can be associated with an unlimited number of Device Groups. See the Device Groups page for further information.

FAQs

Q: Why am I getting a Proxy Authentication Required popup on my mobile device?

A: Your device is not properly authenticated with the DrawBridge. Visit the User URL for your device in a browser on that device, and ensure you get a Success message.

If you continue to get these Proxy Authentication Required popups after a successful authentication event:

  • Verify the proxy configuration on the device is correct (particularly the assigned port)
  • Verify the network you are connecting from is listed in External Networks under the device. See the FAQ item below: How does setting Port+Platform+ExternalNetwork information assist Remote Device authentication?

Q: Why does the Last Active timestamp not line up with the known usage of the Remote Device?

A: This timestamp is the last recorded filter log activity for the device. There are several possibilities to explain why a device that is known to be in-use is not showing a current corresponding timestamp:

  1. The device does not have a data connection.

    Solution:

    • Ensure the device has an active data plan and/or connect the device to an open WiFi network (not a captive-portal-controlled network, such as many public hotspots).
    • Perform activities on the device that will generate log data, such as visiting a search engine in a browser.
    • Verify while performing the activies that loglines are shown in the DrawBridge Realtime Log Viewer for the device.
    • If loglines for that device are displayed in the Realtime viewer, wait at least 15 minutes for the logs to be processed.
    • Refresh the Device Record page to see if the Last Active timestamp has been updated.
  2. The device is not properly authenticating with the DrawBridge, therefore, no web activity logs are being recorded.

    Solution:

    • Follow the same steps as detailed above to verify there are loglines displayed in the Realtime Log Viewer for the device in question.
    • If there are no loglines, and yet web resources can be accessed on the device, then the proxy software on the device is failing to properly proxy traffic.
    • Verify the proxy settings/software on the device are correctly configured.
    • Visit the device User URL in a browser on the device to trigger an authentication event while monitoring the DrawBridge Realtime Log Viewer Errors Log, with the Remote Device port entered in the Pattern field. You should see one or more lines indicating successful authentication.

    Note for Android devices: Android has a "fail-open" proxy design, so if authentication fails for any reason, Android will bypass the proxy. This can generally be resolved by re-authenticating the device with the DrawBridge.

  3. The only traffic that is getting recorded is considered "system activity" and is not considered reportable, and is therefore not saved, so the Last Activity timestamp is not updated.

    Solution: Follow the steps in #1 and #2 (if needed) to ensure the device is properly proxied and authenticating with the DrawBridge.


Q: Why do Remote Devices need to be authenticated?

A: It's critical for filtering and reporting purposes that the device that is connecting to the DrawBridge be postitively, unmistakably, identified.

Beyond that, anything connected to the internet is potentially a target for misuse. For example, if no authentication (username/password) was required for a remote device, a hacker could route their activities unimpeded through your internet connection, therefore making their malicious traffic appear to be originating with you. You may be held legally responsible for what happens on your internet connection. Depending on the type of activities, you may receive a legal notice warning of a DMCA violation. (Digital Millenium Copyright Act.) However, requiring authentication from all remote devices eliminates these concerns.


Q: How does setting Port+Platform+ExternalNetwork information assist Remote Device authentication?

A: As noted above, the DrawBridge requires authentication for Remote Devices. However, mobile operating system platforms (Android and iOS) are notorious for failing to always communicate the required credentials for authentication of each network session they establish. So, to smooth the user experience, the DrawBridge accomodates "assumed authentication" -- if a network request matches all three parameters:

  • sent to the unique Port assigned to the device
  • sent by the operating system Platform specified for the device
  • originates from an External Network (mobile network) the device is known to be using

... then the DrawBridge will "assume" that the request is legitimate and consider the request authenticated. This prevents repeated Proxy Authentication Required popups on mobile devices as they roam cellular networks.