
Virtual Private Network (VPN)

A Virtual Private Network (VPN), as the name suggests, establishes a logical private tunnel over the Internet so that only authorized users can access the organization's confidential web resources from any network. A VPN ensures that all communication between the device and those resources happens over a secure channel, preventing unauthorized access. It also boosts productivity, since employees can work from anywhere without worrying about losing access to specific resources or data. With mobile devices now an extensive part of corporate productivity, it has become mandatory for IT admins to configure VPN on mobile devices, which can be done easily and efficiently using MDM. VPN profiles are also supported for Surface Hubs running Windows 10 Team OS.

Per-app VPN

When a VPN is set up, all the data from the device, including personal data, is routed through the VPN. Some organizations require the VPN only for corporate apps, in which case the admin can use per-app VPN.
Configure the VPN used by your organization and specify the apps for which the VPN is to be enabled.

The following built-in VPN connection types are supported by MDM:

  • L2TP
  • PPTP
  • IKEv2

In addition to the built-in VPNs listed above, Mobile Device Manager Plus also supports the following plug-in VPNs. These VPN types require an additional app to be installed on the devices.

F5 Access, Pulse Secure, SonicWALL Mobile Connect, and Check Point Mobile VPN require the corresponding third-party app to be installed on the device for setting up the VPN configuration.

Using certificate for authentication

In addition to configuring VPN on the managed devices, MDM also lets you provision VPN on the devices using a certificate as the means of authentication. Authentication plays a major role in establishing a VPN connection, and a certificate is generally considered a much more secure form of authentication than a pre-shared key. Further, in large VPN networks, managing a large number of pre-shared keys can be cumbersome; certificates are a much more scalable alternative. Additionally, pre-shared keys are bound to an IP address but certificates are not, so remote users with a dynamically assigned IP address can authenticate using the identification information contained in the certificate. You can configure certificates as explained here and distribute them on a large scale as explained here.
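
To check which of the authentication options described above a device actually ended up with, the following added example (not ManageEngine code) classifies VPN connections by how they authenticate. It assumes the profiles appear in the output of the Windows `Get-VpnConnection` cmdlet; the function name `Test-VpnConnectionAuth` and the sample connections are hypothetical and constructed for illustration.

```powershell
# Added example: classify each VPN connection as certificate, pre-shared key or password based.
# Property names follow the objects returned by the Windows Get-VpnConnection cmdlet.
function Test-VpnConnectionAuth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    process {
        $findings = @()
        $methods  = @($Connection.AuthenticationMethod)

        # L2TP/IPsec: the tunnel is keyed by either a shared secret or a certificate.
        if ($Connection.TunnelType -eq 'L2tp' -and $Connection.L2tpIPsecAuth -eq 'Psk') {
            $findings += 'L2TP uses a pre-shared key; provision a certificate instead'
        }

        # Password-only methods: no certificate takes part in the authentication.
        $passwordOnly = $methods | Where-Object { $_ -in 'Pap', 'Chap', 'MSChapv2' }
        if ($passwordOnly -and $methods -notcontains 'MachineCertificate' -and $methods -notcontains 'Eap') {
            $findings += "password-only authentication ($($passwordOnly -join ', '))"
        }

        # EAP can carry a certificate (EAP-TLS) or a password, so it needs a manual look.
        if ($methods -contains 'Eap') {
            $findings += 'EAP in use; confirm the EAP configuration selects a certificate'
        }

        [pscustomobject]@{
            Name       = $Connection.Name
            TunnelType = $Connection.TunnelType
            Status     = if ($findings.Count -eq 0) { 'Certificate' } else { 'Review' }
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-VpnConnection output (not real connections).
$sample = @(
    [pscustomobject]@{ Name = 'Corp-L2TP-PSK';  TunnelType = 'L2tp';  L2tpIPsecAuth = 'Psk';         AuthenticationMethod = @('MSChapv2') }
    [pscustomobject]@{ Name = 'Corp-L2TP-Cert'; TunnelType = 'L2tp';  L2tpIPsecAuth = 'Certificate'; AuthenticationMethod = @('Eap') }
    [pscustomobject]@{ Name = 'Corp-IKEv2';     TunnelType = 'Ikev2'; L2tpIPsecAuth = $null;         AuthenticationMethod = @('MachineCertificate') }
)
$sample | Test-VpnConnectionAuth | Format-Table -AutoSize
```

On a managed device, replace `$sample` with `Get-VpnConnection` (add `-AllUserConnection` for device-wide profiles) to run the same check against the provisioned connections.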

Profile Details

To configure a VPN policy, you need to configure certain common parameters and parameters specific to a VPN type. To know the parameters to be configured for a particular VPN type, click on the VPN type name from the tabs given

PPTP

| Profile Specification | Description |
|---|---|
| COMMON PARAMETERS | |
| Connection type | The VPN type to be provisioned on the device. |
| Connection name | Specify the name which needs to be displayed as the VPN name on the end user's mobile device. |
| Server name / IP address | Host name or IP address of the VPN server. |
| PPTP-SPECIFIC PARAMETERS | |
| User authentication | Select whether the user must authenticate using password or certificate while initiating the VPN connection. |
| CA Certificate | Upload the certificate which can be used to authenticate the device. |

L2TP

| Profile Specification | Description |
|---|---|
| COMMON PARAMETERS | |
| Connection type | The VPN type to be provisioned on the device. |
| Connection name | Specify the name which needs to be displayed as the VPN name on the end user's mobile device. |
| Server name / IP address | Host name or IP address of the VPN server. |
| L2TP-SPECIFIC PARAMETERS | |
| User authentication | Select whether the user must authenticate using password or shared secret or certificate while initiating the VPN connection. |
| Shared secret | Specify the pre-shared secret. |
| CA Certificate | Upload the certificate which can be used to authenticate the device. |

IKEv2

| Profile Specification | Description |
|---|---|
| COMMON PARAMETERS | |
| Connection type | The VPN type to be provisioned on the device. |
| Connection name | Specify the name which needs to be displayed as the VPN name on the end user's mobile device. |
| Server name / IP address | Host name or IP address of the VPN server. |
| IKEv2-SPECIFIC PARAMETERS | |
| User authentication | Select whether the user must authenticate using password or certificate while initiating the VPN connection. |
| CA Certificate | Upload the certificate which can be used to authenticate the device. |

F5 ACCESS

| Profile Specification | Description |
|---|---|
| COMMON PARAMETERS | |
| Connection type | The VPN type to be provisioned on the device. |
| Connection name | Specify the name which needs to be displayed as the VPN name on the end user's mobile device. |
| Server name / IP address | Host name or IP address of the VPN server. |
| F5 Access-SPECIFIC PARAMETERS | |
| Use Single Sign-on credentials | Allow the users to use the credentials configured for Single Sign-on for authentication. |
| Optimize for metered network | Configure the VPN for Wi-Fi or mobile data with limited data. |
| Prompt for user credentials | Specify if the user should be prompted to enter their credentials while initiating the VPN connection. |

PULSE SECURE

| Profile Specification | Description |
|---|---|
| COMMON PARAMETERS | |
| Connection type | The VPN type to be provisioned on the device. |
| Connection name | Specify the name which needs to be displayed as the VPN name on the end user's mobile device. |
| Server name / IP address | Host name or IP address of the VPN server. |
| Pulse Secure-SPECIFIC PARAMETERS | |
| Realm | Specify the authentication realm. An authentication realm specifies the criteria users must comply with to use the VPN service. It is a grouping of authentication resources including authentication server, authentication policy, etc. This is usually done by the network administrators. |
| Role | Specify the user role. A user role is an entity defining user session parameters (such as session settings), personalization settings (such as bookmarks) and other enabled access features. For example, a user role may define whether or not a user can perform Web browsing. |
| Use Single Sign-on credentials | Allow the users to use the credentials configured for Single Sign-on for authentication. |
| Optimize for metered network | Configure the VPN for Wi-Fi or mobile data with limited data. |

SonicWall Mobile Connect

| Profile Specification | Description |
|---|---|
| COMMON PARAMETERS | |
| Connection type | The VPN type to be provisioned on the device. |
| Connection name | Specify the name which needs to be displayed as the VPN name on the end user's mobile device. |
| Server name / IP address | Host name or IP address of the VPN server. |
| SonicWall Mobile Connect-SPECIFIC PARAMETERS | |
| Use Single Sign-on credentials | Allow the users to use the credentials configured for Single Sign-on for authentication. |
| Allow packet capture | Enable packet capture when VPN is configured on the device. |
| Use Windows native interface for authentication | Specify if the user should use the Windows interface or the SonicWall Mobile Connect app for authentication. |

Check Point Mobile VPN

| Profile Specification | Description |
|---|---|
| COMMON PARAMETERS | |
| Connection Name | Specify the name which needs to be displayed as the VPN name on the end user's mobile device. |
| Connection Type | The VPN type to be provisioned on the device. |
| Server Name / IP Address | Host name or IP address of the VPN server. |
| Check Point Mobile VPN-SPECIFIC PARAMETERS | |
| Use Single Sign-on credentials | Allow the users to use the credentials configured for Single Sign-on for authentication. |
| Optimize for metered network | Configure the VPN for Wi-Fi or mobile data with limited data. |