Virtual Private Network (VPN)

A Virtual Private Network (VPN), as the name suggests, establishes a logical private tunnel over the Internet so that only authorized users can access the organization's confidential web resources from any network. A VPN ensures that all communication between the device and the web resource happens over a secure channel, preventing unauthorized access. VPN also boosts productivity, as employees can work from anywhere without worrying about lacking access to a specific resource or data. With mobile devices extensively becoming a part of corporate productivity, it has become mandatory for IT admins to configure VPN on mobile devices, which can be done easily and efficiently using MDM. The VPN profile is also supported for Surface Hubs running Windows 10 Team OS.

Per-app VPN

When a VPN is set up, all the data from the device, including personal data, is routed through the VPN. Some organizations require a VPN to be set up only for the corporate apps, in which case the admin can make use of per-app VPN.
Configure the VPN used by your organization and specify the apps for which VPN is to be enabled.

The following built-in VPN connection types are supported by MDM:

In addition to the above mentioned built-in VPNs, Mobile Device Manager Plus also supports the following plug-in VPNs. These VPN types require an additional app to be installed on the devices.

F5 Access, Pulse Secure, SonicWALL Mobile Connect, and Check Point Mobile VPN require the corresponding third-party app to be installed on the device for setting up the VPN configuration.

Using certificate for authentication

In addition to configuring VPN on the managed devices, MDM also provides the option of provisioning VPN on the devices using a certificate as the means of authentication. Authentication plays a major role in establishing a VPN connection, and a certificate is generally considered a much more secure form of authentication than a pre-shared key. Further, in large VPN networks, managing a large number of pre-shared keys can be cumbersome; certificates are a much more scalable alternative. Additionally, pre-shared keys are bound to an IP address, whereas certificates are not, so remote users with a dynamically assigned IP address can authenticate using the identification information contained in the certificate. You can configure certificates as explained here and distribute them on a large scale as explained here.
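To check which VPN connections on a Windows device still rely on a pre-shared key or a password instead of a certificate, the following added example (not part of the product or its documentation) audits connection objects shaped like the output of the built-in Get-VpnConnection cmdlet. The function name Test-VpnAuthPolicy, the sample connection names and the server vpn.example.com are assumptions made for illustration.

```powershell
# Added example: flag VPN connections that do not use certificate authentication.
# Test-VpnAuthPolicy is a hypothetical helper name, not an MDM or Windows cmdlet.
function Test-VpnAuthPolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Connection
    )
    process {
        $issues = @()
        # L2TP/IPsec tunnel authenticated with a pre-shared key rather than a certificate
        if ($Connection.TunnelType -eq 'L2tp' -and $Connection.L2tpIPsecAuth -eq 'Psk') {
            $issues += 'L2TP tunnel uses a pre-shared key'
        }
        # Password-based user authentication methods. 'Eap' is not classified here,
        # because EAP can carry either a password or a certificate method.
        $passwordMethods = 'Pap', 'Chap', 'MSChapv2'
        $found = @($Connection.AuthenticationMethod | Where-Object { $_ -in $passwordMethods })
        if ($found.Count -gt 0) {
            $issues += "password-based user authentication ($($found -join ', '))"
        }
        [pscustomobject]@{
            Name      = $Connection.Name
            Server    = $Connection.ServerAddress
            Compliant = ($issues.Count -eq 0)
            Issues    = $issues -join '; '
        }
    }
}

# Constructed sample input with the same property names Get-VpnConnection returns
$sample = @(
    [pscustomobject]@{ Name = 'Corp-L2TP-PSK'; ServerAddress = 'vpn.example.com'
                       TunnelType = 'L2tp'; L2tpIPsecAuth = 'Psk'
                       AuthenticationMethod = @('MSChapv2') }
    [pscustomobject]@{ Name = 'Corp-IKEv2-Cert'; ServerAddress = 'vpn.example.com'
                       TunnelType = 'Ikev2'; L2tpIPsecAuth = $null
                       AuthenticationMethod = @('MachineCertificate') }
)
$sample | Test-VpnAuthPolicy | Format-Table -AutoSize

# On a managed Windows device, audit the provisioned profiles instead:
# Get-VpnConnection -AllUserConnection | Test-VpnAuthPolicy
```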

Profile Details

To configure a VPN policy, you need to configure certain common parameters and parameters specific to a VPN type. To know the parameters to be configured for a particular VPN type, click on the VPN type name from the tabs given.

Profile Specification

Description

COMMON PARAMETERS

Connection type

The VPN type to be provisioned on the device.

Connection name

Specify the name which needs to be displayed as the VPN name on the end user's mobile device.

Server name / IP address

Host name or IP address of the VPN server.

PPTP-SPECIFIC PARAMETERS

User authentication

Select whether the user must authenticate using password or certificate while initiating the VPN connection.

CA Certificate

Upload the certificate which can be used to authenticate the device.

Profile Specification

Description

COMMON PARAMETERS

Connection type

The VPN type to be provisioned on the device.

Connection name

Specify the name which needs to be displayed as the VPN name on the end user's mobile device.

Server name / IP address

Host name or IP address of the VPN server.

L2TP-SPECIFIC PARAMETERS

User authentication

Select whether the user must authenticate using password or shared secret or certificate while initiating the VPN connection.

Shared secret

Specify the pre-shared secret.

CA Certificate

Upload the certificate which can be used to authenticate the device.

Profile Specification

Description

COMMON PARAMETERS

Connection type

The VPN type to be provisioned on the device.

Connection name

Specify the name which needs to be displayed as the VPN name on the end user's mobile device.

Server name / IP address

Host name or IP address of the VPN server.

IKEv2-SPECIFIC PARAMETERS

User authentication

Select whether the user must authenticate using password or certificate while initiating the VPN connection.

CA Certificate

Upload the certificate which can be used to authenticate the device.

Profile Specification

Description

COMMON PARAMETERS

Connection type

The VPN type to be provisioned on the device.

Connection name

Specify the name which needs to be displayed as the VPN name on the end user's mobile device.

Server name / IP address

Host name or IP address of the VPN server.

F5 Access-SPECIFIC PARAMETERS

Use Single Sign-on credentials

Allow the users to use the credentials configured for Single Sign-on for authentication.

Optimize for metered network

Configure the VPN for Wi-Fi or mobile data with limited data.

Prompt for user credentials

Specify if the user should be prompted to enter their credentials while initiating the VPN connection.

Profile Specification

Description

COMMON PARAMETERS

Connection type

The VPN type to be provisioned on the device.

Connection name

Specify the name which needs to be displayed as the VPN name on the end user's mobile device.

Server name / IP address

Host name or IP address of the VPN server.

Pulse Secure-SPECIFIC PARAMETERS

Realm

Specify the authentication realm. An authentication realm specifies the criteria users must comply with to use the VPN service. It is a grouping of authentication resources including authentication server, authentication policy, etc. This is usually done by the network administrators.

Role

Specify the user role. A user role is an entity defining user session parameters (such as session settings), personalization settings (such as bookmarks) and other enabled access features. For example, a user role may define whether or not a user can perform Web browsing.

Use Single Sign-on credentials

Allow the users to use the credentials configured for Single Sign-on for authentication.

Optimize for metered network

Configure the VPN for Wi-Fi or mobile data with limited data.

Profile Specification

Description

COMMON PARAMETERS

Connection type

The VPN type to be provisioned on the device.

Connection name

Specify the name which needs to be displayed as the VPN name on the end user's mobile device.

Server name / IP address

Host name or IP address of the VPN server.

SonicWall Mobile Connect-SPECIFIC PARAMETERS

Use Single Sign-on credentials

Allow the users to use the credentials configured for Single Sign-on for authentication.

Allow packet capture

Enable packet capture when VPN is configured on the device.

Use Windows native interface for authentication

Specify if the user should use the Windows interface or the SonicWall Mobile Connect app for authentication.

Profile Specification

Description

COMMON PARAMETERS

Connection Name

Specify the name which needs to be displayed as the VPN name on the end user's mobile device.

Connection Type

The VPN type to be provisioned on the device.

Server Name / IP Address

Host name or IP address of the VPN server.

Check Point Mobile VPN-SPECIFIC PARAMETERS

Use Single Sign-on credentials

Allow the users to use the credentials configured for Single Sign-on for authentication.

Optimize for metered network

Configure the VPN for Wi-Fi or mobile data with limited data.
