End-of-Life (EoL)

Configure a Device-Level VPN Configuration for Android Devices Using AirWatch

You can easily enable access to internal resources from your managed Android mobile endpoints by configuring VPN access using AirWatch. In a device-level VPN configuration, you route all of the traffic that matches the access routes configured on the GlobalProtect gateway through the GlobalProtect VPN.
  1. Download the GlobalProtect app for Android.
  2. From the AirWatch console, modify or add a new Android profile.
    1. Navigate to
      Devices
      Profiles
      List View
      .
    2. Select an existing profile to which to add the VPN configuration or add a new one (select
      Add
      Add Profile
      ).
    3. Select
      Android
      as the platform and
      Device
      as the configuration type.
    4. Configure
      General
      profile settings:
      • Name
        —Provide a meaningful name for this configuration.
      • Version—This field is auto-populated with the latest version number of the configuration profile.
      • Description
        —A brief description of the profile that indicates its purpose.
      • Profile Scope—Scope for this profile, either
        Production,
        Staging
        , or
        Both
        .
      • Assignment Type
        —Determines how the profile is deployed to devices:
        • Auto
          —The profile is deployed to all devices automatically.
        • Optional
          —You can deploy the profile to specific devices or you can allow the end user to install the profile from the Self-Service Portal (SSP).
        • Compliance
          —The profile is deployed when the end user violates a compliance policy applicable to the device.
      • Allow Removal
        —Determines whether or not the end user can remove the profile from the device:
        • Always
          —The end user can manually remove the profile at any time.
        • With Authorization
          —The end user can remove the profile with the authorization of the administrator. Choosing this option adds a required
          Password
          field.
        • Never
          —The end user cannot remove the profile from the device.
      • Managed By
        —The Organization Group with administrative access to the profile.
      • Assigned Smart Group
        —The Smart Group to which you want the device profile added. Includes an option to create a new Smart Group which you can configure with specs for organization groups, user groups, ownership categories, tags, minimum OS, device models, and more.
      • Exclusions
        —Selecting
        Yes
        displays a new field
        Excluded Smart Groups
        that enables you to select those Smart Groups you wish to exclude from the assignment of this device profile.
    5. Save and Publish
      this profile to the assigned Smart Groups.
  3. Configure the VPN settings.
    1. Select
      VPN
      and then click
      Configure
      .
    2. Configure
      Connection Info
      , including:
      • Connection Type
        —Select
        GlobalProtect
        as the network connection method.
      • Connection Name
        —Enter the name of the connection name that the device will display.
      • Server
        —Enter the hostname or IP address of the GlobalProtect portal to which to connect.
    3. Configure
      Authentication
      information:
      Choose the method to authenticate end users:
      Password
      or
      Certificate
      . Enter the
      Username
      of the VPN account or click add ( “
      +
      ” ) to view supported lookup values that you can insert. Enter a
      Password
      or upload an
      Identity Certificate
      that GlobalProtect will use to authenticate users.
    4. Save and Publish
      this profile to the assigned Smart Groups.

Recommended For You