Configure a User-Initiated Remote Access VPN Configuration for iOS Endpoints Using Microsoft Intune

In a remote access (On-Demand) VPN configuration, users must manually launch the app to establish the secure GlobalProtect connection. Traffic that matches specific filters (such as port and IP address) configured on the GlobalProtect gateway is routed through the VPN tunnel only after users initiate and establish the connection.
Use the following steps to configure a user-initiated remote access VPN configuration for iOS endpoints using Microsoft Intune:
  1. Download the GlobalProtect app for iOS.
  2. (
    Optional
    ) If your deployment requires certificate-based authentication, configure a certificate profile.
    • Set the
      Platform
      to
      iOS
      .
    • Set the
      Connection type
      to
      Palo Alto Networks GlobalProtect
      .
    • In the Automatic VPN settings area, enable
      On-demand VPN
      to configure conditional rules that control when the VPN connection is initiated.

Related Documentation