a Device-Level VPN Configuration for Android Devices Using AirWatch
You can easily enable access to internal resources
from your managed Android mobile endpoints by configuring VPN access
using AirWatch. In a device-level VPN configuration, you route all
of the traffic that matches the access routes configured on the
GlobalProtect gateway through the GlobalProtect VPN.
Download the GlobalProtect app directly from Google Play.
From the AirWatch console, modify or add a new Android
Select an existing profile to which to add the VPN
configuration or add a new one (select
as the platform
as the configuration type.
—Provide a meaningful
name for this configuration.
—This field is auto-populated
with the latest version number of the configuration profile.
—A brief description of
the profile that indicates its purpose.
Profile Scope—Scope for this profile, either
—Determines how the
profile is deployed to endpoints. Select
deploy the profile to all endpoints automatically,
enable the end user to install the profile from the Self-Service
Portal (SSP) or to manually deploy the profile to individual endpoints,
to deploy the profile when
an end user violates a compliance policy applicable to the endpoint.
—The Organization Group
with administrative access to the profile.
Assigned Smart Group
—The Smart Group
to which you want the device profile added. Includes an option to
create a new Smart Group which can be configured with specs for
minimum OS, device models, ownership categories, organization groups
—Determines whether or
not the profile can be removed by the endpoint's end user. Select
enable the end user to manually remove the profile at any time,
prevent the end user from removing the profile from the endpoint,
to enable the end user
to remove the profile with the authorization of the administrator.
adds a required
selected, a new field
Excluded Smart Groups
enabling you to select those Smart Groups you wish to exclude from
the assignment of this device profile.
Save and Publish
to the assigned Smart Groups.
To configure the VPN settings, select
the network connection method.
—Enter the name of
the connection name that the endpoint will display.
—Enter the hostname or IP address
of the GlobalProtect portal to which to connect.
Choose the method to authenticate end users:
of the VPN
account or click add ( “
” ) to view supported
lookup values that you can insert.
will use to authenticate users.