Virtual private networks (VPNs) provide devices with a secure and encrypted tunnel to access internal resources. VPN profiles enable each device to function as if it were connected through an on-site network. Configuring a VPN profile ensures that end users have seamless access to email, files, and content.

To create a base VPN profile:

  1. Navigate to Devices > Profiles & Resources > Profiles > Add. Select Apple iOS.

  2. Configure the profile's General settings.

  3. Select the VPN payload.

  4. Configure Connection information, including: 

    The settings that you see may vary depending on the Connection Type you choose. If you are using Forcepoint or Blue Coat for content filtering, see Creating a Forcepoint Content Filter Profile and Creating a Blue Coat Content Filter Profile.



    Connection Name

    Enter the name of the connection to be displayed on the device.

    Connection Type

    Use the drop-down menu to select the network connection method.


    Enter the hostname or IP address of the server for connection.


    Enter the name of the VPN account.

    Send All Traffic

    Select to force all traffic through the specified network.

    Disconnect on Idle

    Allow the VPN to auto-disconnect after a specific amount of time. Support for this value depends on the VPN provider.

    Per App VPN Rules

    Select to enable Per App VPN. For more information, see Configuring Per-App VPN for iOS Devices.

    Connect Automatically

    Select to allow the VPN to connect automatically to chosen Safari Domains. This option appears when Per App VPN is selected.

    Provider Type

    Select the provider type: AppProxy, Packet Tunnel, or None.


    Choose the method to authenticate end users. Follow the related prompts to upload an Identity Certificate, or enter the Password information or the Shared Secret key to be provided to authorize end users for VPN access.

    Enable VPN On Demand

    Enable VPN On Demand to use certificates to establish VPN connections automatically, as described in the Configuring VPN On Demand for iOS Devices section in this guide.



    Select either Manual or Auto proxy type to configure with this VPN connection.


    Enter the URL of the proxy server.


    Enter the port used to communicate with the proxy.


    Enter the user name to connect to the proxy server.


    Enter the password for authentication.

    Vendor Configurations

    Vendor Keys

    Select to create custom keys to go into the vendor config dictionary.


    Enter the specific key provided by the vendor.


    Enter the VPN value for each key.


    If you have chosen IKEv2 as the type, you can enter the minimum and the maximum TLS version for the VPN connection, provided that you select the Enable EAP check box before you enter the TLS version.

  5. Select Save & Publish. End users now have access to permitted sites.
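One way to review the resulting settings before publishing, as an added example that is not part of the original guide or the product: a Python check over an exported, unsigned .mobileconfig file. It assumes Apple's documented VPN payload keys (`com.apple.vpn.managed`, `OverridePrimary`, `AuthenticationMethod`, `ExtensibleAuthEnabled`, `TLSMinimumVersion`); the mapping from the console fields above to those keys is an assumption, and the sample profile is constructed.

```python
import plistlib

# Constructed sample: a minimal profile with one IKEv2 VPN payload (not real data).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.vpn.managed",
        "UserDefinedName": "Corp VPN (example)",
        "VPNType": "IKEv2",
        "IPv4": {"OverridePrimary": 0},
        "IKEv2": {
            "RemoteAddress": "vpn.example.com",
            "AuthenticationMethod": "SharedSecret",
            "ExtensibleAuthEnabled": 1,
            "TLSMinimumVersion": "1.0",
        },
    }],
})

def audit_vpn_profile(data: bytes) -> list[str]:
    """Return review findings for each VPN payload in an unsigned .mobileconfig."""
    findings = []
    profile = plistlib.loads(data)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue
        name = payload.get("UserDefinedName", "<unnamed>")
        vpn_type = payload.get("VPNType", "")
        # Assumed mapping: "Send All Traffic" sets IPv4/OverridePrimary.
        if not payload.get("IPv4", {}).get("OverridePrimary"):
            findings.append(f"{name}: split tunnel (Send All Traffic is off)")
        # IKEv2 and IPSec keep their settings in a dict named after the type.
        settings = payload.get(vpn_type, {})
        if settings.get("AuthenticationMethod") == "SharedSecret":
            findings.append(f"{name}: shared secret auth, not a per-device certificate")
        if vpn_type == "IKEv2" and settings.get("ExtensibleAuthEnabled"):
            tls_min = settings.get("TLSMinimumVersion")
            if tls_min is None:
                findings.append(f"{name}: EAP enabled but no minimum TLS version set")
            elif tuple(map(int, tls_min.split("."))) < (1, 2):
                findings.append(f"{name}: minimum TLS version {tls_min} is below 1.2")
    return findings

if __name__ == "__main__":
    for line in audit_vpn_profile(SAMPLE):
        print(line)
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before `plistlib` can parse it.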