Home Compliance & Certification Mobile Firewall Guide

Mobile Firewall Guide

Last updated on Dec 09, 2025

1. Purpose of This Guide

Mobile devices connect everywhere — office Wi-Fi, home networks, public hotspots, airports, coffee shops, the void. A firewall on the device adds a crucial defensive layer by blocking suspicious inbound traffic and controlling outbound connections.

This artefact shows auditors that your organisation:

  • Has enabled a firewall or equivalent network protection on mobile devices

  • Uses platform security features or app-based firewalls

  • (Optional) Uses DNS firewalls or mobile device security tools

This confirms that mobile devices aren’t roaming the internet unarmoured.

2. What You Will Submit

You may upload one or more screenshots showing:

A. Built-in Mobile Firewall / Network Protection

Depending on platform:

  • Android: “Firewall / Network Protection / Secure Wi-Fi / Block Connections”

  • Samsung Knox: Network protection features

  • Apple iOS: No traditional firewall, but acceptable evidence includes Private RelayLockdown Mode, or Third-party firewall/security tools

B. Mobile Security App / Endpoint Protection

Including screenshots from solutions like:

  • Microsoft Defender for Endpoint (MDE)

  • Palo Alto Cortex XDR mobile

  • Bitdefender Mobile

  • Lookout Mobile Security

  • ESET Mobile Security

Must show:

  • Network protection enabled

  • Firewall-style filtering active

  • Blocked threats or connections (if visible)

C. DNS Firewall Used on Mobile Devices

StrongKeep customers can use DNS filtering as the mobile firewall:
Upload screenshots showing:

  • Device enrolled in DNS filtering

  • DNS profile assigned

  • Protection status ON
    (StrongKeep may auto-generate this evidence.)

3. How to Collect / Obtain / Generate This Evidence

Here is the practical step-by-step by device type.

A. Apple iOS / iPadOS Devices

iOS does not include a traditional firewall, so the acceptable evidence includes:

Option 1: Mobile Security App Showing Network Protection

Examples:

  • StrongKeep customers can deploy Palo Alto Cortex XDR mobile

Screenshot the app’s protection dashboard.

Option 2: DNS Firewall Installed

StrongKeep customers can show that their mobile devices are protected using the DNS Firewall:

  • Go to: Settings → VPN & Device Management

  • Show configuration labelled with your DNS firewall profile

  • Generate the list of protected devices to show that the mobile device is listed. StrongKeep may generate this evidence on your behalf.

Option 3: Apple Private Relay (Supplementary Only)

Private Relay is not a firewall, but if your business uses MDM to enforce it, you may screenshot:
Settings → Apple ID → iCloud → Private Relay: ON

(This is supporting evidence, not standalone.)

B. Android Devices (Pixel, Samsung, Xiaomi, Oppo, etc.)

Android provides stronger firewall capabilities.

Option 1: Built-in Firewall / Network Protection

Depending on device brand:

  • Pixel: Settings → Network & Internet → VPN → Private DNS

  • Samsung: Settings → Biometrics & Security → Secure Wi-Fi

  • Some manufacturers include: “Firewall ON”“Block incoming connections”

Screenshot the configuration page showing it enabled.

Option 2: Mobile Security / EDR App

Examples:

  • StrongKeep customers can deploy Palo Alto Cortex XDR mobile

  • Other solutions, like Defender, Bitdefender, ESET

Screenshot:

  • Firewall / Web Protection / Network Filtering ON

  • Any screen showing enforcement of network policies

Option 3: DNS Firewall App

StrongKeep customers can show that their mobile devices are protected using the DNS Firewall:

  • Open the app → show Protection: Enabled

  • Generate the list of protected devices to show that the mobile device is listed. StrongKeep may generate this evidence on your behalf.

C. MDM (Mobile Device Management) Enforcement (Recommended for SMBs)

If you manage devices using Microsoft Intune, Google Endpoint Management, MobileIron, or Jamf:

You may upload an MDM screenshot showing:

  • Compliance policy requiring firewall or network protection

  • Device compliance report (green tick)

  • Assigned configuration profile forcing secure DNS or network filtering

4. Evidence Format

Accepted File Types:

  • PNG

  • JPG

  • PDF

Suggested Naming Convention:
YourCompanyName_MobileFirewall_YYYY-MM-DD

Example:
AcmeClinic_MobileFirewall_2025-03-20.png

5. What “Good” Looks Like

A strong submission includes:

  • Clear indicator that the device has active network protection
    (“Firewall: ON”, “Web Protection: Enabled”, “Secure Wi-Fi: ON”, “DNS Protection Active”)

  • Brand or app name visible
    (e.g., Microsoft Defender, Control-D, Samsung Secure Wi-Fi)

  • Screenshot is readable
    Avoid cropped images that hide settings labels.

  • Representative device
    You only need one example unless your organisation uses multiple device types.

Why it matters: auditors need to see that mobile devices aren’t walking into the internet unprotected.

6. Tips

  • Redact personal details (phone number, Apple ID, Google account).

  • If employees use their personal phones (BYOD), ensure screenshots do not reveal sensitive personal apps.

  • If your business does not use mobile devices for work, you may mark this artefact as Not Applicable.