>
    Strata Copilot
    Configure a User-Initiated Remote Access VPN Configuration for iOS Endpoints Using MobileIron
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. GlobalProtect Administrator's Guide
    4. GlobalProtect Apps
    5. Deploy the GlobalProtect App on Mobile Devices
    6. Manage the GlobalProtect App Using MobileIron
    7. Configure MobileIron for iOS Endpoints
    8. Configure a User-Initiated Remote Access VPN Configuration for iOS Endpoints Using MobileIron
    Download PDF
    GlobalProtect

    Configure a User-Initiated Remote Access VPN Configuration for iOS Endpoints Using MobileIron

    Table of Contents

    Configure a User-Initiated Remote Access VPN Configuration for iOS Endpoints Using MobileIron

    This chapter provides information on configuring a User-Initiated remote access VPN configurtaion for iOS endpoints using MobileIron.
    Where Can I Use This?What Do I Need?
    • NGFW (managed by Panorama or Strata Cloud Manager)
    • Prisma Access (managed by Panorama or Strata Cloud Manager)
    • GlobalProtect Gateway license or Prisma Access license with the Mobile User subscription
    In a remote access (On-Demand) VPN configuration, users must manually launch the app to establish the secure GlobalProtect connection. Traffic that matches specific filters (such as port and IP address) configured on the GlobalProtect gateway is routed through the VPN tunnel only after users initiate and establish the connection.
    Use the following steps to configure a user-initiated remote access VPN configuration for iOS endpoints using MobileIron:
    1. Download the GlobalProtect app for iOS.
    2. Add a certificate configuration and then configure the certificate settings.
      All on-demand VPN configurations require certificate-based authentication.
    3. Add an on-demand (remote access) VPN configuration.
      • Set the configuration type to VPN On Demand.
    4. Configure VPN on-demand settings for iOS.
      • Set the Connection Type to Palo Alto Networks GlobalProtect, and then configure the associated settings.

    © 2025 Palo Alto Networks, Inc. All rights reserved.