Manage Mobile Endpoint Protection
Important: Bot Defense Self-Service Policy Management is an Early Access feature.
The Distributed Cloud Console lets you view and manage the mobile endpoints you protect with Bot Defense. The following information explains how to protect additional endpoints after you initially enable Bot Defense, including how to make those newly protected endpoints available to users.
Protect a New Mobile Endpoint
After you initially deploy your Bot Endpoint Policy, you may need to protect additional mobile endpoints as your IT environment evolves. To protect an additional mobile endpoint, you must create a new version of the Bot Endpoint Policy that you use for your mobile traffic. You can then decide if you want to release a new version of your mobile app.
Add a New Mobile Endpoint to your Bot Endpoint Policy
- From the Bot Defense navigation menu, select Manage > Bot Policies and then select Bot Endpoint Policy.
- From the list of saved Bot Endpoint Policies, in the Actions column, select the Action menu (…) next to the most recent policy version. The Type of the policy that you select must be Mobile.
- Select Manage Configuration, and then select Edit Configuration.
- To add a new protected endpoint, in the Protected Endpoints section, select Add Item and then provide information about the endpoint. For information about specific configuration fields, see Configure the Bot Endpoint Policy.
Important: F5 recommends that you set mitigation actions for your new endpoint to Continue until users download a new version of your app or until the rate of false positive results falls to an acceptable level.
- When you finish adding new endpoints, select Apply and then select Save Bot Endpoint Policy.
- Choose one of the following options:
  - Save Final: The policy version is saved and added to the list of policy versions that you can deploy in your Bot infrastructure.
  - Save as Draft: You or another administrator can review and finalize this policy version later.
- To deploy your new policy version, see Deploy Policy Updates.
Next Steps:
After you update a Bot Endpoint Policy with a new mobile endpoint, decide how you want to make the new endpoint available to your mobile app users. You can make the new endpoint available to your users in two ways:
- Re-release your mobile app bundled with an updated base configuration file.
- Delay mitigation and allow users to access the new mobile endpoint with your existing mobile app.
Re-release your mobile app bundled with an updated base configuration file
After you deploy a new version of the bot endpoint policy with new mobile endpoints, you can choose to re-release your mobile app bundled with a new base configuration file. This method reduces the likelihood of false positive results.
Once all of your users have upgraded to the re-released app, you can turn on mitigation actions.
To use this method, after you deploy the new version of your bot endpoint policy with new mobile endpoints, perform the following tasks:
- Download a new version of the base configuration file for the operating system supported by your mobile app from the Distributed Cloud Console.
- Bundle the new base configuration file with your mobile app as described in the F5 Distributed Cloud Mobile SDK documentation that is included with your SDK download.
- Deploy a new release of your mobile app.
- After your users upgrade to the new app, you can enable mitigation actions for the new mobile endpoint.
Allow access to new mobile endpoints with your existing mobile app
After you deploy a new version of the bot endpoint policy with new mobile endpoints, you can choose to allow access to the new mobile endpoint with your existing app and base configuration file.
If you choose to use an existing app version and base configuration file, you must delay mitigation action until the false positive rate falls to an acceptable level. Note that this method likely results in increased false positive results as each mobile app attempts to access the new mobile endpoint for the first time.
To use this method, after you deploy the new version of your bot endpoint policy with new mobile endpoints, perform the following tasks:
- Monitor your false positive rate until it reaches an acceptable level. This can take as long as a couple of weeks.
- Once your false positive rate reaches an acceptable level, enable mitigation actions.
- Update the base configuration file when you release the next version of your mobile app, so that all new users have the latest endpoint list.
Download a New Base Configuration File
You download base configuration files from the Action menu (…) for a Bot Endpoint Policy that protects mobile endpoints.
Note: F5 recommends that you download a new base configuration file and bundle it with a new version of your mobile app whenever you add new mobile endpoints to your Bot Endpoint Policy. For information, see Protect a New Mobile Endpoint.
- From the Bot Defense navigation menu, select Manage > Bot Policies and then select Bot Endpoint Policy.
- From the list of saved Bot Endpoint Policies, in the Actions column, select the Action menu (…) next to the mobile policy for which you want to download a new base configuration file.
- Depending on the operating system on which your mobile app runs, select either Download iOS Base Configuration File or Download Android Base Configuration File.
- Bundle the new base configuration file with your next app update as described in the F5 Distributed Cloud Mobile SDK documentation.