Configure a Device-Level VPN Configuration for Android Devices
You can easily enable access to internal resources
from your managed Android mobile endpoints by configuring VPN access
using AirWatch. In a device-level VPN configuration, you route all of
the traffic that matches the access routes configured on the GlobalProtect
gateway through the GlobalProtect VPN.
Download the GlobalProtect app directly from Google Play.
From the AirWatch console, modify or add a new Android
Select an existing profile to which to add the VPN
configuration or add a new one (select
as the platform
as the configuration type.
—Provide a meaningful
name for this configuration.
Version—This field is auto-populated with the latest version
number of the configuration profile.
—A brief description of
the profile that indicates its purpose.
Profile Scope—Scope for this profile, either
—Determines how the
profile is deployed to devices:
profile is deployed to all devices automatically.
—You can deploy the profile
to specific devices or you can allow the end user to install the
profile from the Self-Service Portal (SSP).
—The profile is deployed
when the end user violates a compliance policy applicable to the
—Determines whether or
not the end user can remove the profile from the device:
end user can manually remove the profile at any time.
—The end user can
remove the profile with the authorization of the administrator.
Choosing this option adds a required
—The end user cannot remove the
profile from the device.
—The Organization Group
with administrative access to the profile.
Assigned Smart Group
—The Smart Group
to which you want the device profile added. Includes an option to
create a new Smart Group which you can configure with specs for
organization groups, user groups, ownership categories, tags, minimum
OS, device models, and more.
a new field
Excluded Smart Groups
you to select those Smart Groups you wish to exclude from the assignment
of this device profile.
Save and Publish
to the assigned Smart Groups.
Configure the VPN settings.
the network connection method.
—Enter the name of
the connection name that the device will display.
—Enter the hostname or IP address
of the GlobalProtect portal to which to connect.
Choose the method to authenticate end users:
of the VPN account or
click add ( “
” ) to view supported lookup
values that you can insert. Enter a
will use to authenticate users.