Virtual private networks (VPNs) provide devices with a secure and encrypted tunnel to access internal resources such as email, files, and content. VPN profiles enable each device to function as if it were connected through the on-site network.


  1. Navigate to Resources > Profiles & Baselines > Profiles > Add > Add Profile > Android (Legacy).
  2. Select Device to deploy your profile to a device.
  3. Configure the profile's General settings.
  4. Select VPNand configure the settings. The Authentication settings that display vary based on the Connection Type selected from the Connection Info section. The table below defines all settings that can be configured based on the VPN client.
    Setting Description
    Connection Type

    Choose the VPN client that is used to connect VPN sessions.

    Important: Cisco AnyConnect, Juniper Junos Pulse and F5 SSL connections require specific applications to be installed on each device before the VPN profile is deployed. These applications can be included as a Recommended App from the App Catalog for easy access. Additionally, a Forcepoint specific Certificate Authority must be established to enable a Websense (Forcepoint) VPN connection. See Creating a Forcepoint Content Filter Profile for more information.
    Connection Name Enter the display name of the connection to be displayed on the device.

    Enter the hostname or IP address for the server used for VPN connections. 

    Per-app VPN Rules

    Enable Per App VPN that allows you to configure VPN traffic rules based on specific applications. This field only displays for supported VPN vendors.

    If you are using VPN connections for specific managed apps, see Configuring Per-app VPN for Android (Legacy) Devices.

    Per-app VPN is supported on Android 5.0+devices.

    Username Provide the credentials required for end-user VPN access. Depending on the connection type and authentication method, use lookup values to automatically fill user name info to streamline the login process.
    Shared Secret Provide the encrypted key stored on the VPN server and used by the profile for VPN access.
    Encryption Enable to encrypt traffic on this connection.
    Identify Certificate Enter the certificate credentials used to authenticate the connection.
    Use Web Logon for Authentication Enable to redirect users to the web page of the selected VPN client for the user to enter their user credentials for authentication.
    Realm Define the server used to authenticate the device.
    Role Defines the network resources that the device can access.
    Password Provide the credentials required for end-user VPN access.
    Server Enter the hostname or IP address of the server for connection.
    User Authentication Choose Password or Certificate as the method required to authenticate the VPN session.
    Enable VPN On Demand Enable VPN On Demand to use certificates to automatically establish VPN connections.

    Select either Manual or Auto proxy type to configure with this VPN connection.

    Server Enter the URL of the proxy server.
    Port Enter the port used to communicate with the proxy.
    Username Enter the user name to connect to proxy server.
    Password Enter the password for authentication.
  5. Select Save & Publish.