Skyhigh Security

Configuring the MobileIron MDM solution for iOS devices

Prerequisites 

This article assumes your device is already managed with MobileIron. The enrollment of devices into MobileIron is not part of the scope for this document.

Configuration Steps

The following three configurations must be created in the MobileIron cloud console:

  1. Configure server root CA certificate
  2. Configure Identity Certificate
  3. Create VPN Profile and distribute

Configure server root CA certificate

  1. Go to the Configuration tab, search for Certificate configuration, and click on it.

  2. Enter the appropriate name in the Name field.
  3. In the Configuration Setup field, choose the server root CA certificate from the system.

  4. Click Next → select the devices to which the certificate is to be pushed → click Done.

Configure MobileIron with SCEP Server

Step 1: Configure Certificate Authority

  1. Log in to MobileIron.
  2. Navigate to Admin → Certificate Authority (on the left-hand pane) → Add.
  3. Select Create a Standalone Certificate Authority → Continue.
  4. Complete the CA Certificate details, and click Generate.
    The generated Certificate Authority is now listed.

Configure Identity Certificate

Step 1: Go to the Configurations tab, search for Identity Certificate configuration, and click on it.

Step 2: Configure Identity Certificate Template

  1. Navigate to Configurations → Add → Identity Certificate.
  2. From Configuration Setup, select Dynamically Generated.
  3. Select Source as the Certificate Authority you created in the previous step.
  4. Complete the field details.
  5. Click Test Configuration and Continue → Select distribution → Save.

Create VPN Profile and distribute

  1. Go to the Configurations tab, search for VPN configuration, and click on it.

  2. Enter all the required fields in the profile configuration.

For example, the following are the values used in Dev/QA testing:

| Fields | Values |
|---|---|
| Server | c49493498.vpn.mcafee-cloud.com (get this information from the MVision cloud → certificate page) |
| Connection Type | IKEv2 |
| Local Identifier | Client_Key1 (this string is the SAN (Subject Alternative Name) of the client certificate) |
| Remote Identifier | vpn.mcafee-cloud.com (this string is the SAN (Subject Alternative Name) of the server certificate) |
| Enable EAP | true |
| TLS Minimum Version | N/A |
| TLS Maximum Version | N/A |
| EAP Authentication | Certificate |
| Credential | IPsecContainer:ClientCertsIdentityForTest |
| Dead Peer Detection Rate | Medium |
| Server Certificate Issuer Common Name | VPN Server Root CA (this string is the CN (Common Name) of the server root certificate) |
| Server Certificate Common Name | vpn.mcafee-cloud.com (this string is the CN (Common Name) of the server root certificate) |
| Use IP4 and IP6 subnets attributes | true |
| Enable IKEv2 Mobility and Multihoming Protocol (MOBIKE) | true |
| Enable Perfect Forward Secrecy (PFS) | true |
| Enable IKEv2 redirect | true |
| Enable NAT keep alive | true |
| NAT keep alive interval | 20 second(s) |
| IKE SA Params & Child SA Params | Encryption Algorithm: AES-256; Encryption Algorithm: SHA2-256; Diffie Hellman Group: 2; Lifetime In Minutes: 1440 |
| Proxy Setup | None |
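
The following is an added example, not part of the original article and not MobileIron or Skyhigh code: a lint pass over the profile values from the table above, run before the profile is distributed. It checks that each identifier matches the certificate name the table ties it to and that the key-exchange settings are acceptable. The `lint_profile` function, the dictionary layout, the certificate name inputs and the `STRONG_DH_GROUPS` allow-list (based on RFC 8247) are assumptions of this example.

```python
# Added example: lint the VPN profile values before the profile is distributed.
# Field names follow the table above; function name and allow-list are assumptions.

# Dev/QA values from the table above, typed into a dict for this example.
PROFILE = {
    "Connection Type": "IKEv2",
    "Local Identifier": "Client_Key1",
    "Remote Identifier": "vpn.mcafee-cloud.com",
    "Enable EAP": True,
    "EAP Authentication": "Certificate",
    "Credential": "IPsecContainer:ClientCertsIdentityForTest",
    "Server Certificate Issuer Common Name": "VPN Server Root CA",
    "Server Certificate Common Name": "vpn.mcafee-cloud.com",
    "Enable Perfect Forward Secrecy (PFS)": True,
    "Diffie Hellman Group": 2,
}

# Assumption: RFC 8247 rates groups 2 and 5 SHOULD NOT and group 14 MUST.
STRONG_DH_GROUPS = {14, 15, 16, 17, 18, 19, 20, 21, 31}


def lint_profile(p, client_sans, server_sans, root_cn):
    """Return findings (empty list = all checks passed) for profile dict p."""
    findings = []
    if p.get("Connection Type") != "IKEv2":
        findings.append("Connection Type must be IKEv2")
    # The table ties each identifier to a name inside a certificate.
    if p.get("Local Identifier") not in client_sans:
        findings.append("Local Identifier is not a SAN of the client certificate")
    if p.get("Remote Identifier") not in server_sans:
        findings.append("Remote Identifier is not a SAN of the server certificate")
    if p.get("Server Certificate Issuer Common Name") != root_cn:
        findings.append("Issuer Common Name does not match the server root CA CN")
    # Certificate-based EAP needs the identity certificate as its credential.
    if p.get("Enable EAP") and p.get("EAP Authentication") == "Certificate" \
            and not p.get("Credential"):
        findings.append("EAP certificate authentication has no Credential")
    if not p.get("Enable Perfect Forward Secrecy (PFS)"):
        findings.append("Perfect Forward Secrecy is disabled")
    dh = p.get("Diffie Hellman Group")
    if dh not in STRONG_DH_GROUPS:
        findings.append(f"Diffie Hellman Group {dh} is not in the allowed set")
    return findings


if __name__ == "__main__":
    for finding in lint_profile(PROFILE, ["Client_Key1"],
                                ["vpn.mcafee-cloud.com"], "VPN Server Root CA"):
        print("FINDING:", finding)
```

On the Dev/QA values this reports only the Diffie Hellman group, because group 2 (1024-bit MODP) is outside the allow-list.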

 

Distributing/Pushing the profile:

  1. Click Next, and then click on Custom or All Devices.

  2. If you chose Custom, select the mobile devices to which the configuration is to be pushed.
  3. Click Done.

  4. For Force Check-in, go to the Devices tab → click on Actions → select Force Check-in.

This opens a new window with the "Force Check-in" button. Click that button and the configuration is pushed immediately.

Check the status of the configuration Push

To check the status of the pushed configuration, go to the Devices tab, click on the registered device, and check the status of the configuration.

Verify the VPN profile on your device

Verify the distributed VPN profile on the iOS device (Settings → VPN).
