Skip to main content
Skyhigh Security

Configuration Steps for a Per Application VPN for iOS

Configuration of per app VPN profile

Login to AirWatch MDM portal

Login to the admin portal of AirWatch MDM to push the vpn profile to your iPhone profile.

You will be logged in to the admin portal of AirWatch.

clipboard_eb54f0a1aa8f19c2017e13b056b0d243f.png

**Before you proceed further, please make sure to integrate your respective PKI infrastructure with AirWatch for managing your device certificate(s).
Adding a Device Certificate and server certificate in the device through MDM.

Go to Devices → Profiles → Add → Add Profile → Apple iOS

clipboard_e200dc8decb03ce973612df1254a15a38.png

 

Give a name to 'General' and fi ll up respective fields.
Select 'Deployment' type

  • Managed: To automatically download those profiles in the device.
  • Manual: To manually download this profile in the device. To download manually , user will get a notification in the 'Hub' app and clicking on this notification will redirect to messages screen of the app. From that screen user can select any of the messages and download the profiles which are available.

Now select a profile, 'Credentials' to add device certificate and server certificate to your device.You can add multiple certificates in a single profile. Click on the (+) button to add or (-) to delete.

clipboard_e284a3d66e65cb24ff408f22485751f5b.png

Add a VPN profile to the device. 

Go to Devices → Profiles → Add → Add Profile → Apple iOS

Give a name to 'General' and fi ll up respective fields.

clipboard_edd6c25c1a7ae1a6ff2cb81410dfe8b7b.png

Select a profile of ' VPN' and click on 'Configure '. These are the configurations need to setup for VPN profile

Connection Info

 

Fields Values
Connection Name* VPN Configuration
Connection Type* IKEv2
Always On False
(Make it false, otherwise device will be in supervised mode)
Server*

c49493498.
vpn.mcafee-cloud.com
Get this information from Mvision cloud ->certificate page

clipboard_ef2ea2aff6c943d3d394aebacf93b368a.png

Local Identifier*

Client_Key1

(This string is CN(Common Name) and SAN-(Subject Alternate Name) of client certificate 

Remote Identifier*

vpn.mcafee-cloud.com

(This string is CN(Common Name) and SAN-(Subject Alternate Name) of server certificate 

Machine Authentication

Certificate

(select 'certificate' here)

Credential

Certificate #1

(if there is no certificate, please follow #3.1 Step )

Server Certificate Issuer Common Name

VPN Server Root CA

(This string is CN-Common Name of server root certificate)

Server Certificate Common Name

vpn.mcafee-cloud.com

(This string is CN-Common Name of server root certificate)

Enable EAP True
EAP Authentication

Certificate

(select 'certificate' here)

TLS Minimum Version iOS 11 OS Default
TLS Maximum Version iOS 11 OS Default
Credential

Certificate #1

(Select the same 'Certificate' which added in 'Credentials')

Dead Peer Detection Interval Every 10 minutes
SA Parameters
IKE2 & Child
Encryption Algorithm AES-256
Integrity Algorithm SHA2-256
Diffie Hellman Group 2
Lifetime in minutes 1440

 

clipboard_e5149d6ec5316b173429c9f2180101049.png

 

clipboard_ec506616a31bea11ddc98b24884d3d654.png

Add your credentials 

Select 'Credentials' from the same profile. (you may have to scroll down the menu on the right)
Click on 'Configure' to add new credentials.
Add your Device certificate file here.

clipboard_ea808d413ab3d220d0fb7563bd96cbce7.png

Save and Publish

Click on 'Save and Publish' to save the profile.

Now click on 'Publish' to publish the profile.

Respective devices will get updated with the published profile.

To see this VPN Profile in your iOS device, go to SettingsVPNPER-APP VPN here your PER-APP and the VPN Profile will be visible.

Push an application to use the per-app VPN profile

VPN Profile of Per-App VPN is created. Now we will push an Application which will use this VPN Configuration.

Go to APPS & BOOKSApplicationsNative → Select 'Public' tabAdd Application

Select following options-
Platform Apple iOS
Source SEARCH APP STORE
Name (app will be searched in app store and would be installed in the iOS device) Flipkart
Click on 'Next' to search in App Store

clipboard_ed0853044ef2fafeea8783f60c4fb6078.png

Click on the 'Select' button for the application you want to continue with.

clipboard_e2c6ee346f053285e3f35502df1717c7a.png

Click on 'SAVE & ASSIGN'

clipboard_e5d26494f70d9d875bf83fd3409a60f67.png

Add Assignments

Select Assignments tab and click on 'ADD ASSIGNMENT'
Select respective settings to Add Assignments
Select Assignment Groups All Corporate Shared Devices (McAfee LLC (Technology))

Select Application Delivery Method

App Delivery Method:

AUTO - App will be automatically installed in the device, no need to install the app from App store explicitly.

ON DEMAND- App needs to be installed manually from the notification of iOS 'HUB' application.

Managed Access: ENABLED

Remove On Unenroll: ENABLED
Prevent Application Backup: ENABLED
Make App MDM Managed if User Installed: ENABLED
App Tunneling: ENABLED
Per-App VPN Profile (Select the VPN Profile you have recently created in Resource section): VPN_APPLE
Application Configuration: DISABLED
Click on 'Add' to add the profile.

clipboard_e17c1961bb9272da854a72ab75af7b393.png

Save and Publish the Profile
Click on 'SAVE & PUBLISH' to publish the profile. And then click on 'PUBLISH' to publish the profile.

clipboard_e38de373e613a589ae3fb88e6a0c657f2.png

After publish, list will look like this.

clipboard_e0e00c5db50099aee3a48cddb4101eadf.png

Now one notification will be fired in the iOS Device. Click on the 'Install' button in that notification to automatically install the Application. Else you can go to App Store and install the application in your iOS Device.

 

  • Was this article helpful?