02-08-2010 06:02 AM
I'm developing an audio streaming player, I'm using ";deviceside=true" to estabilish direct tcp connections avoiding the BES server.
My question is: is it possible to disable the direct tcp connection feature from the BES server? Is there a setting to prevent BB devices from doing direct TCP connections?
Solved! Go to Solution.
02-08-2010 06:53 AM
PERMISSION_EXTERNAL_CONNECTIONS and PERMISSION_INTERNAL_CONNECTIONS, pre 4.6 or
PERMISSION_INTERNET and PERMISSION_SERVER_NETWORK, for 4.6+
I would recommend that you support BES connections in a BES environment.
02-08-2010 08:07 AM
I searched for the permissions above but it seems to me that they can be checked out and changed by the application running on the BB device, is that right?
If the permissions can be changed from the device, it is not a problem at all...
I need to know if it is possible from the BES server to set a policy such that a device cannot do direct tcp connections with ";deviceside=true".
I need to know this because my application could be installed on a personal device as well as on an enterprise device and I must be sure that I can always do direct tcp connections to avoid the "HTTP 413 error" caused by the download limit of the BES.
I know that from the BES server some features on the device can be disabled such as the camera, is that possible also for direct tcp connections?
Thanks for your help,
02-08-2010 08:19 AM
Sorry my mistake, you want the IT Policy
There is an IT Policy to disable External non-Enterprise Connections. I have always assumed that this meant that any direct connection to a Server (WAP, Direct TCP) was not allowed, but have never tested this.
02-08-2010 08:40 AM - edited 02-08-2010 08:42 AM
I checked out the Policy Reference Guide at http://na.blackberry.com/eng/ataglance/security/it
but i didn't found anything that sounds like disabling direct tcp connections,
in the "TCP policy group" i see:
TCP APN IT policy rule
TCP Password IT policy rule
TCP Username IT policy rule
but i can't see nothing related to non-enterprise or direct connections.
Also i saw:
TLS Device Side Only IT policy rule in the "TLS policy group" but it doesn't seem what i want.
Maybe I am looking in the wrong place....
02-08-2010 09:24 AM
External Network Connections application control policy rule
This rule specifies whether an application can make external network connections. You can set this rule to prevent the application
from sending or receiving any data on the BlackBerry® device using an external protocol (such as, WAP or TCP). You can also set
this rule so that an application prompts the user before it makes external connections through the BlackBerry device firewall.
The default setting is Prompt User.
• Java® based BlackBerry device
• BlackBerry® Device Software version 4.0
• BlackBerry® Enterprise Server version 4.0
02-08-2010 12:55 PM
P.S. I believe the above permission (External Connections) also specifies whether BIS-B access is allowed.
You may also want to disable Wi-Fi access -- there's another IT Policy setting and a corresponding Application Control permission for that.