Configure a Per-App VPN Configuration for Android Devices
You can easily enable access to internal resources from your managed mobile devices by configuring GlobalProtect VPN access using AirWatch. In a per-app VPN configuration, you can specify which managed apps on the device can send traffic through the GlobalProtect VPN tunnel. Unmanaged apps will continue to connect directly to the Internet instead of through the GlobalProtect VPN tunnel.
- Download the GlobalProtect app for Android.
- From the AirWatch console, modify or add a new Android profile.
- Navigate to.DevicesProfilesList View
- Select an existing profile to which to add the VPN configuration or add a new one (select).AddAdd Profile
- SelectAndroidas the platform andDeviceas the configuration type.
- ConfigureGeneralprofile settings:
- Name—Provide a meaningful name for this configuration.
- Version—This field is auto-populated with the latest version number of the configuration profile.
- Description—A brief description of the profile that indicates its purpose.
- Profile Scope—Scope for this profile, eitherProduction,Staging, orBoth.
- Assignment Type—Determines how the profile is deployed to devices:
- Auto—The profile is deployed to all devices automatically.
- Optional—You can deploy the profile to specific devices, or you can allow the user to install the profile from the Self-Service Portal (SSP).
- Compliance—The profile is deployed when the end user violates a compliance policy applicable to the device.
- Allow Removal—Determines whether or not the end user can remove the profile from the device:
- Always—The end user can manually remove the profile at any time.
- With Authorization—The end user can remove the profile with the authorization of the administrator. Choosing this option adds a requiredPasswordfield.
- Never—The end user cannot remove the profile from the device.
- Managed By—The Organization Group with administrative access to the profile.
- Assigned Smart Group—The Smart Group to which you want the device profile added. Includes an option to create a new Smart Group which you can configure with specs for organization groups, user groups, ownership categories, tags, minimum OS, device models, and more.
- Exclusions—SelectingYesdisplays a new fieldExcluded Smart Groupsthat enables you to select those Smart Groups you wish to exclude from the assignment of this device profile.
- SelectSave and Publishto push this profile to the assigned Smart Groups.
- Configure the per-app VPN settings in the Android profile.
- SelectVPNand then clickConfigure.
- ConfigureConnection Infoincluding:
- Connection Type—SelectGlobalProtectas the network connection method.
- Connection Name—Enter the name of the connection name that the device will display.
- Server—Enter the hostname or IP address of the GlobalProtect portal to which to connect.
- EnablePer App VPNto route all of the traffic for a managed app traffic through the GlobalProtect VPN.
- Select the authentication method to use to authenticate users. For per-app VPN, you must use certificate-based authentication. SelectUser Authentication: Certificate, and then follow the prompts to upload anIdentity Certificateto use for authentication.
- ClickSave & Publish.
- Configure per-app VPN settings for a new managed app, or modify the settings for an existing managed apps.
- On the main page, select.Apps & BooksApplicationsList ViewPublic
- To add a new app, selectAdd Application. Or, to modify the settings of an existing app, locate the app in the list of Public apps and then select the edit icon in the actions menu next to the row.
- Select the organization group by which this app will be managed.
- SelectAndroidas thePlatform.
- Select your preferred method for locating the app, either by specifying a URL or importing the app from Google Play. To search by URL, you must also enter the Google Play Store URL for the app (for example, to search for the Box app by URL, enter https://play.google.com/store/apps/details?id=com.box.android).
- ClickNext. If you chose toImport from Playduring the previous step, you must select the app from the list of approved company apps, and then clickImport. If you do not see the app in the list, contact your Android for Work administrator to approve the app.
- On theAssignmenttab, selectAssigned Smart Groupsthat will have access to this app.
- On theDeploymenttab, select thePush Mode, eitherAutoorOn Demand.
- SelectUse VPNand then select the Android profile that you created in 3.Only profiles that have per-app VPN enabled are available from the drop-down.
- Save and Publishthis profile to the assigned Smart Groups.
Recommended For You
Recommended videos not found.