Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
New Developer
Posts: 13
Registered: ‎01-28-2010
My Device: Storm 2
Accepted Solution

Disable direct tcp connection from BES server

Hi,

 

I'm developing an audio streaming player, I'm using ";deviceside=true" to estabilish direct tcp connections avoiding the BES server.

My question is: is it possible to disable the direct tcp connection feature from the BES server? Is there a setting to prevent BB devices from doing direct TCP connections?

 

Thanks,

Developer
Posts: 19,612
Registered: ‎07-14-2008
My Device: Not Specified

Re: Disable direct tcp connection from BES server

Yes, see:

 

PERMISSION_EXTERNAL_CONNECTIONS and PERMISSION_INTERNAL_CONNECTIONS, pre 4.6 or

PERMISSION_INTERNET and PERMISSION_SERVER_NETWORK, for 4.6+

 

I would recommend that you support BES connections in a BES environment.

New Developer
Posts: 13
Registered: ‎01-28-2010
My Device: Storm 2

Re: Disable direct tcp connection from BES server

Thanks Peter,

 

I searched for  the permissions above but it seems to me that they can be checked out and changed by the application running on the BB device, is that right?

If the permissions can be changed from the device, it is not a problem at all...

 

I need to know if it is possible from the BES server to set a policy such that a device cannot do direct tcp connections with ";deviceside=true".

I need to know this because my application could be installed on a personal device as well as on an enterprise device and I must be sure that I can always do direct tcp connections to avoid the "HTTP 413 error" caused by the download limit of the BES.

I know that from the BES server some features on the device can be disabled such as the camera, is that possible also for direct tcp connections?

 

Thanks for your help,

 

 

Developer
Posts: 19,612
Registered: ‎07-14-2008
My Device: Not Specified

Re: Disable direct tcp connection from BES server

Sorry my mistake, you want the IT Policy

 

There is an IT Policy to disable External non-Enterprise Connections.  I have always assumed that this meant that any direct connection to a Server (WAP, Direct TCP) was not allowed, but have never tested this.

New Developer
Posts: 13
Registered: ‎01-28-2010
My Device: Storm 2

Re: Disable direct tcp connection from BES server

Hi,

 

Thanks for the info, I'll check that out.

 

New Developer
Posts: 13
Registered: ‎01-28-2010
My Device: Storm 2

Re: Disable direct tcp connection from BES server

[ Edited ]

 

I checked out the Policy Reference Guide at http://na.blackberry.com/eng/ataglance/security/it_policy.jsp (top right link)

but i didn't found anything that sounds like disabling direct tcp connections,

in the "TCP policy group" i see:

 

TCP APN IT policy rule

TCP Password IT policy rule

TCP Username IT policy rule

 

but i can't see nothing related to non-enterprise  or direct connections.

 

Also i saw:

 

TLS Device Side Only IT policy rule in the "TLS policy group" but it doesn't seem what i want.

 

Maybe I am looking in the wrong place....

Developer
Posts: 19,612
Registered: ‎07-14-2008
My Device: Not Specified

Re: Disable direct tcp connection from BES server

Page 182:

 

External Network Connections application control policy rule
Description
This rule specifies whether an application can make external network connections. You can set this rule to prevent the application
from sending or receiving any data on the BlackBerry® device using an external protocol (such as, WAP or TCP). You can also set
this rule so that an application prompts the user before it makes external connections through the BlackBerry device firewall.
Default setting
The default setting is Prompt User.
Minimum requirements
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0

New Developer
Posts: 13
Registered: ‎01-28-2010
My Device: Storm 2

Re: Disable direct tcp connection from BES server

d'oh!

 

Thanks

Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: Disable direct tcp connection from BES server

P.S. I believe the above permission (External Connections) also specifies whether BIS-B access is allowed.

 

You may also want to disable Wi-Fi access -- there's another IT Policy setting and a corresponding Application Control permission for that.