Configure the GlobalProtect App for iOS

While a third-party MDM system allows you to push configuration settings that allow access to your corporate resources and provides a mechanism for enforcing endpoint restrictions, it does not secure the connection between the mobile endpoint and the services to which it connects. To enable the app to establish secure connections, you must enable VPN support on the endpoint.
The following table describes typical settings that you can configure using your third-party MDM system:
Setting
Description
Key
Value
Connection Type
Type of connection enabled by the policy.
N/A. This information will not be passed as part of the profile, Identifier/subtype will identify the GlobalProtect app
VPN
|
Custom SSL
Identifier
Identifier for the custom SSL VPN in reverse DNS format.
VPNSubType
com.example.globalprotect.vpn
Server
Host name or IP address of the GlobalProtect portal.
RemoteAddress
<hostname or IP address>
For example:
gp.example.com
Account
User account for authenticating the connection.
AuthName
<username>
User Authentication
Authentication type for the connection.
AuthenticationMethod
Certificate | Password
Credential
(
Certificate User Authentication only
) Credential for authenticating the connection.
N/A (no key)
<credential>
For example:
clientcredial.p12
Enable VPN On Demand
(
Optional
) Domain and hostname that establish the connection and the on-demand action:
Key is dependent on the action:
<domain and hostname and the on-demand action>
For example:
Always establish a connection
OnDemandMatchDomainsAlways
gp.example.com; Establish always
Never establish a connection
OnDemandMatchDomainsNever
gp.example.com; Establish never
Establish a connection if needed
OnDemandMatchDomainsOnRetry
gp.example.com; Establish if needed

Recommended For You