Remote Devices
Remote Devicesmconnect through your DrawBridge from "outside" your network -- from the public Internet.
Create a Remote device by clicking the + button in the upper right corner of the Remote Devices list view.
Remote Device record
Select any remote device record by tapping the username shown in the Filter Username column to see an individual device record. The individual Remote Device record displays several parameters:
- Company: the Company associated with the Device; see the Accounts section for more information
- Console User: the Person record associated with the Remote Device
- Filter Username: the unique username this Device uses when performing the authentiation handshake with the DrawBridge; this must either match or begin with the username of the associated Console User/Person
- Email: the email address of the associated Person record
- Status: this device record is: Active or Inactive
- Canonical ID: the global unique identifier for this Remote Device; used for synchronization
- Contact CID: the global unique identifier of the associated Person record; used for sychronization
- Last Active: the timestamp of the last filter traffic recorded for this device
- Device Type: the type of hardware, such as Laptop, Smartphone, Tablet, and so forth
Informational Tabs
-
Authentication: Additional parameters used to identify the device to streamline authentication. See Why do I need to have a Port/Platform/ExternalNetwork set for a Remote Device? in the FAQ below.
Also displayed are:
- User URL: a link that can be visited in a browser on the device to authenticate its public IP with the DrawBridge
- PAC URL: Proxy Auto-Configuration: a spec-compliant URL that can be used by major operating systems to programatically fetch proxy settings
-
Auth Activity:
-
Access Policies: a list of Access Policies that are applied to this device. (see Network Access for more information on Access Policies) This list is generated based on the membership of the Device in a particular Device Group, a component of an Access Policy. The exact Access Policy can be visited by clicking the link in the list under the Name column, or, you can view all Access Policies for your company by clicking the Access Policies/Access Policy Dashboard button to the right.
-
Permissions: a list of Console Permission Groups that this Remote Device User is a member of. (Permits or does Not Permit the submision of an AutoFix, for example)
Device Group Membership
A remote device is always part of the alldevices Device Group of the associated Company. A remote device can be associated with an unlimited number of Device Groups. See the Device Groups page for further information.
Record menu options
- Update Personal Details: edit the information of the associated Person record
- Set Console Password: set a DrawBridge Console password for this Remote Device User
- Add Group Membership: add this Remote Device User to a Console Permission Group (see Informational Tabs: Permissions, above)
- View Realtime Log Lines: jump to the Realtime Log Viewer, with the data view limited to this device
- Today's Log Lines: jump to the the Reports module with the device pre-selected in data views
- Record Activity Stream: view the changelog for this Device record
FAQs
Q: Why am I getting a Proxy Authentication Required popup on my mobile device?
A: Your device is not properly authenticated with the DrawBridge. Visit the User URL for your device in a browser on that device, and ensure you get a Success message.
If you continue to get these Proxy Authentication Required popups after a successful authentication event:
- Verify the proxy configuration on the device is correct (particularly the assigned port)
- Verify the network you are connecting from is listed in
External Networksunder the device. See the FAQ item below: How does settingPort+Platform+ExternalNetworkinformation assist Remote Device authentication?
Q: Why does the Last Active timestamp not line up with the known usage of the Remote Device?
A: This timestamp is the last recorded filter log activity for the device. There are several possibilities to explain why a device that is known to be in-use is not showing a current corresponding timestamp:
-
The device does not have a data connection.
Solution:
- Ensure the device has an active data plan and/or connect the device to an open WiFi network (not a captive-portal-controlled network, such as many public hotspots).
- Perform activities on the device that will generate log data, such as visiting a search engine in a browser.
- Verify while performing the activies that loglines are shown in the DrawBridge Realtime Log Viewer for the device.
- If loglines for that device are displayed in the Realtime viewer, wait at least 15 minutes for the logs to be processed.
- Refresh the Device Record page to see if the Last Active timestamp has been updated.
-
The device is not properly authenticating with the DrawBridge, therefore, no web activity logs are being recorded.
Solution:
- Follow the same steps as detailed above to verify there are loglines displayed in the Realtime Log Viewer for the device in question.
- If there are no loglines, and yet web resources can be accessed on the device, then the proxy software on the device is failing to properly proxy traffic.
- Verify the proxy settings/software on the device are correctly configured.
- Visit the device User URL in a browser on the device to trigger an authentication event while monitoring the DrawBridge Realtime Log Viewer
Errors Log, with the Remote Device port entered in the Pattern field. You should see one or more lines indicating successful authentication.
Note for Android devices: Android has a "fail-open" proxy design, so if authentication fails for any reason, Android will bypass the proxy. This can generally be resolved by re-authenticating the device with the DrawBridge.
-
The only traffic that is getting recorded is considered "system activity" and is not considered reportable, and is therefore not saved, so the Last Activity timestamp is not updated.
Solution: Follow the steps in #1 and #2 (if needed) to ensure the device is properly proxied and authenticating with the DrawBridge.
Q: Why do Remote Devices need to be authenticated?
A: articleIt's explainingcritical for filtering and reporting purposes that the dangersdevice ofthat hackers,is scriptconnecting kiddies, andto the responsibilityDrawBridge you'dbe incurpostitively, unmistakably, identified.
Beyond that, anything connected to the internet is potentially a target for misuse. For example, if theyno connectedauthentication (username/password) was required for a remote device, a hacker could route their activities unimpeded through your internet connection, therefore making their malicious traffic appear to be originating with you. You may be held legally responsible for what happens on your internet connection. ReferenceDepending DMCA/anti-piracy.on the type of activities, you may receive a legal notice warning of a DMCA violation. (Digital Millenium Copyright Act) Requiring authentication from all remote devices eliminates these concerns.
Q: WhyHow dodoes Isetting needPort+Platform+ExternalNetwork toinformation have a Port/Platform/ExternalNetwork set for aassist Remote Device?Device authentication?
A: articleAs explainingnoted above, the DrawBridge requires authentication for Remote Devices. However, mobile hiccupsoperating system platforms (Android and AssumediOS) are notorious for failing to always communicate the required credentials for authentication of each network session they establish. So, to smooth the user experience, the DrawBridge accomodates "assumed authentication" -- if a network request matches all three parameters:
- sent to the unique Port assigned to the device
- sent by the operating system Platform specified for the device
- originates from an External Network (mobile network) the device is known to be using
... then the DrawBridge will "assume" that the request is legitimate and consider the request authenticated. This prevents repeated Proxy Authentication Required popups on mobile devices as they roam cellular networks.