Configure a Per-App VPN Configuration for iOS Devices Using AirWatch
You can easily enable access to internal resources from your managed mobile endpoints by configuring GlobalProtect VPN access using AirWatch. In a per-app VPN configuration, you can specify which managed apps on the endpoint can send traffic through the GlobalProtect VPN tunnel. Unmanaged apps will continue to connect directly to the Internet instead of through the GlobalProtect VPN tunnel.
- Download the GlobalProtect app for iOS.
- Download the GlobalProtect app directly from the App Store.
- From the AirWatch console, modify or add a new Apple
- Navigate to DevicesProfilesList View.
- Select an existing profile to add the VPN configuration to it or add a new one (select AddApple iOS).
- Configure General profile settings:
- Description—A brief description of the profile that indicates its purpose.
- Deployment—Determines if the profile will be automatically removed upon unenrollment, either Managed (the profile is removed) or Manual (the profile remains installed until removed by the end user).
- Assignment Type—Determines how the profile is deployed to devices:
- Auto—The profile is deployed to all devices automatically.
- Optional—The end user can optionally install the profile from the Self-Service Portal (SSP) or can be deployed to individual devices at the administrator's discretion.
- Compliance—The profile is deployed when the end user violates a compliance policy applicable to the device.
- Managed By—The Organization Group with administrative access to the profile.
- Assigned Smart Group—The Smart Group to which you want the device profile added. Includes an option to create a new Smart Group which can be configured with specs for minimum OS, device models, ownership categories, organization groups and more.
- Allow Removal—Determines whether or not the profile can be removed by the device's end user:
- Always—The end user can manually remove the profile at any time.
- With Authorization—The end user can remove the profile with the authorization of the administrator. Choosing this option adds a required Password field.
- Never—The end user cannot remove the profile from the device.
- Exclusions—If Yes is selected, a new field Excluded Smart Groups displays, enabling you to select those Smart Groups you wish to exclude from the assignment of this device profile.
the per-app VPN settings in the Apple iOS profile.
- Select VPN and then click Configure.
- Configure Connection information, including:
- Connection Name—Enter the name of the connection name to be displayed.
- Connection Type—Select Palo Alto Networks GlobalProtect as the network connection method.
- Server—Enter the hostname or IP address of the GlobalProtect portal to which to connect.
- Account—Enter the username of the VPN account or click add ( “+” ) to view supported lookup values that you can insert.
- Send All Traffic—Select this check box to force all traffic through the specified network.
- Disconnect on Idle—Allow the VPN to auto-disconnect after a specific amount of time.
- Enable Per App VPN to route all of the traffic for a managed app traffic through the GlobalProtect VPN.
- Connect Automatically—Select this check box to allow the VPN to connect automatically to chosen Safari Domains.
- Select the authentication method to use to authenticate users. For per-app VPN, you must use certificate-based authentication. Select User Authentication: Certificate, and then follow the prompts to upload an Identity Certificate to use for authentication.
- Select either Manual or Auto Proxy type and enter the specific information needed.
- Click Save & Publish.
- Configure per-app VPN settings for a new managed app,
or modify the settings for an existing managed apps.After configuring the settings for the app and enabling per-app VPN, you can publish the app to a group of users and enable the app to send traffic through the GlobalProtect VPN tunnel.
- On the main page, select Apps & BooksPublic.
- To add a new app, select Add Application. Or, to modify the settings of an existing app, locate the GlobalProtect app in the list of Public apps and then select the edit icon in the actions menu next to the row.
- Select the organization group by which this app will be managed.
- Select Apple iOS as the Platform.
- Select your preferred method for locating the app,
either by searching the App Store (by Name), or by specifying a
URL for the app in the App Store:
- To search the App Store, enter the app Name, click Next, and then Select the app from the list of search results.
- To search by URL, enter the URL for the app in the App Store (for example, to add the Box app, enter https://itunes.apple.com/us/app/box-for-iphone-and-ipad/id290853822?mt=8&uo=4), click Next, and then enter a Name for the app.
- On the Assignment tab, select Assigned Smart Groups that will have access to this app.
- On the Deployment tab, select the Push Mode, either Auto or On Demand.
- Select Use VPN and then select
the Apple iOS profile that you created in 3.Only profiles that have per-app VPN enabled are available from the drop-down.
- Select Save & Publish to push the App Catalog to the devices in the Smart Groups you assigned in the Assignment section.
Configure a Per-App VPN Configuration for Android Devices U...
Configure a Per-App VPN Configuration for Android Devices Using AirWatch You can easily enable access to internal resources from your managed mobile devices by configuring ...
Configure a Device-Level VPN Configuration for iOS Devices ...
Configure a Device-Level VPN Configuration for iOS Devices Using AirWatch You can easily enable access to internal resources from your managed mobile endpoints by configuring ...
Deploy the GlobalProtect Mobile App Using AirWatch
Deploy the GlobalProtect Mobile App Using AirWatch The GlobalProtect app provides a simple way to extend the enterprise security policies out to mobile endpoints. As ...
Configure the GlobalProtect App for Windows 10 UWP Using Ai...
Configure the GlobalProtect App for Windows 10 UWP Using AirWatch Using the GlobalProtect app for Windows 10 UWP as the secure connection between the endpoint ...
Configure a Device-Level VPN Configuration for Android Devi...
Configure a Device-Level VPN Configuration for Android Devices Using AirWatch You can easily enable access to internal resources from your managed Android mobile endpoints by ...
Configure the GlobalProtect App for Android
Configure the GlobalProtect App for Android You can deploy and configure the GlobalProtect app on Android For Work devices from any third-party MDM system supporting ...
Configure the GlobalProtect App for iOS Using AirWatch
Configure the GlobalProtect App for iOS Using AirWatch AirWatch is an Enterprise Mobility Management Platform that enables you to manage mobile endpoints, from a central ...
Download and Install the GlobalProtect Mobile App
Download and Install the GlobalProtect Mobile App The GlobalProtect app provides a simple way to extend the enterprise security policies out to mobile devices. As ...
Configure a GlobalProtect Gateway
Configure a GlobalProtect gateway to enforce security policies and provide VPN access for your users. ...