For iOS devices you have the option of forcing selected applications to connect through your corporate VPN. This feature must be supported by your VPN vendor, and the apps must be published as managed applications. Once enabled, AirWatch will generate a VPN UUID for the current VPN profile settings. The VPN UUID is a unique identifier for this specific VPN configuration and is used to configure apps so they always use the Per-App VPN service for all of their network communication.
Per-App VPN Requirements
- iOS 7+
- Support from VPN vendor
- Applications published as managed apps from the AirWatch Admin Console.
- Per-App VPN configuration profile created in the AirWatch Admin Console.
The table below shows the current VPN provider support for configuring Per-App VPN through AirWatch.
|Provider||Per-App VPN Support?|
|Check Point Mobile VPN||Yes|
|Palo Alto Networks GlobalProtect||Yes|
|SonicWALL Mobile Connect||Yes|
Configuring Per-App VPN for iOS
The Per-App VPN feature, which is available for iOS devices, allows you to specify which managed applications can utilize the VPN connection. Managed applications are those you push specifically to devices via the AirWatch Admin Console. The following instructions explain how to configure such a VPN profile using F5 SSL VPN as an example.
- Navigate to Devices ► Profiles ► List View and Add a new profile for iOS or Android.
- Select the VPN payload and click on Configure to add a new payload.
- Customize the Connection Name as it will appear on the client.
- Select your specific Connection Type.
- Provide the Server address to which the client will connect.
- Specify a user Account or lookup-value from in the user field.
- Enter Authentication details. By default the authentication type will be set to Password. If left empty, the end user will prompted for a password when initiating the connection.
- Enter Proxy details, if applicable.
- Select Per-App VPN in the Connection Info section.
- Enter whitelisted domains for Safari, if applicable. Since Safari is not a managed application, this is the location in the AirWatch Admin Console where you specify the domains that should use Per-App VPN. (For other applications, see the next section on enabling Per-App VPN for managed applications.)
- Select Save & Publish.
Now that you have created and published the Per-App VPN profile, you need to specify which managed applications will be able to use this VPN connection.
- Navigate to Apps & Books ► Applications ► List View. The applications page displays.
- Add an application from either the Internal or Public tabs.
- In the Deployment tab, select Use VPN.
- Select Save & Publish to push the application.
F5-specific Per-App VPN Configuration Notes
- Applications with the Use VPN option enabled will require an active VPN connection for Internet access.
- The Access Policy and Virtual Server need to be modified to support Per-App VPN.
In this case, there should be no Resource Assignment within the policy.
- Verify that VDI & Java Support is enabled within the Virtual Server settings.