Virtual private networks (VPNs) provide devices with a secure and encrypted tunnel to access internal resources. VPN profiles enable each device to function as if it were connected through an on-site network. Configuring a VPN profile ensures that end users have the seamless access to email, files, and content.

Procedure

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add. Select Apple iOS.
  2. Configure the profile's General settings.
  3. Select the VPN payload.
  4. Configure Connection information, including:
    The settings that you see may vary depending on the Connection Type you choose. For more information on using the Forcepoint or the Blue Coat for content filtering, see Creating a Forcepoint Content Filter Profile and Creating a Blue Coat Content Filter Profile.
    Settings Description
    Connection Name Enter the name of the connection to be displayed on the device.
    Connection Type Use the drop-down menu to select the network connection method.
    Server Enter the hostname or IP address of the server for connection.
    Account Enter the name of the VPN account.
    Send All Traffic Force all traffic through the specified network.
    Disconnect on Idle Allow the VPN to auto-disconnect after a specific amount of time. Support for this value depends on the VPN provider.
    Connect Automatically Select to allow the VPN to connect automatically to the following domains. This option appears when Per App VPN Rules is selected.
    • Safari Domains
    • Mail Domains
    • Contacts Domains
    • Calendar Domains
    Provider Type Select the type of the VPN service. If the VPN service type is an App proxy, the VPN service tunnels the traffic at the application level. If it is a Packet tunnel, the VPN service tunnels the traffic at the IP layer.
    Per App VPN Rules Enables the Per App VPN for devices. For more information, see Configuring Per-App VPN for iOS Devices.
    Authentication Select the method to authenticate to end users. Follow the related prompts to upload an Identity Certificate, or enter a Password information, or the Shared Secret key to be provided to authorize end users for VPN access.
    Enable VPN On Demand Enable VPN On Demand to use certificates to establish VPN connections automatically using the Configuring VPN On Demand for iOS Devices section in this guide.
    Proxy

    Select either Manual or Auto as the proxy type to configure with this VPN connection.

    Server Enter the URL of the proxy server.
    Port Enter the port used to communicate with the proxy.
    Username Enter the user name to connect to the proxy server.
    Password Enter the password for authentication.
    Vendor Keys

    Select to create custom keys to go into the vendor config dictionary.

    Key Enter the specific key provided by the vendor.
    Value Enter the VPN value for each key.
    Exclude Local Networks Enable the option to include all networks to route the network traffic outside the VPN.
    Include All Networks Enable the option to include all networks to route the network traffic through the VPN.
    Note: If you have chosen IKEv2 as the type, you are eligible to enter the minimum and the maximum TLS version for the VPN connection. Provided that you enable the Enable EAP check box before you enter the TLS version.
  5. Select Save & Publish. End users now have access to permitted sites.