Virtual private networks (VPNs) provide devices with a secure and encrypted tunnel to access internal resources. VPN profiles enable each device to function as if it were connected through the on-site network.

Procedure

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add. Select Apple macOS, and then select whether this profile will apply to only the enrollment user on the device (User Profile), or the entire device (Device Profile).
  2. Configure the profile's General settings.
  3. Select the VPN payload.
  4. Configure Connection settings.
    The following settings vary depending on the type of connection selected.
    Connection Name: Enter the name of the connection to be displayed on the device.
    Connection Type: Select one of the following network connection methods from the drop-down menu. For detailed information on each of the connection methods, refer to the individual pages.

    • L2TP (default connection)
    • PPTP
    • IPSec (Cisco) (applicable for VPN On Demand)
    • F5 SSL (applicable for VPN On Demand)
    • Custom SSL (applicable for VPN On Demand)
    • F5 Access (applicable for VPN On Demand)
      Note: VPN On Demand is the process of automatically establishing a VPN connection for specific domains. For increased security and ease of use, VPN On Demand uses certificates for authentication instead of simple passcodes.

    Server: Enter the hostname or IP address of the server to connect to.
    Account: Enter the user account name for authenticating the VPN connection.
    Send All Traffic: Select this check box to force all traffic through the specified network.
    Per App VPN Rules: For macOS v10.9 devices, use Per-App VPN to choose which apps connect to which networks.
    Provider Type: Select the type of the VPN service. If the VPN service type is an App proxy, the VPN service tunnels the traffic at the application level. If it is a Packet Tunnel, the VPN service tunnels the traffic at the IP layer.
    Exclude Local Networks: Enable this option to route local network traffic outside the VPN.
    Include All Networks: Enable this option to route the traffic of all networks through the VPN.
    Connect Automatically: Select this check box to allow the VPN to connect automatically to chosen Safari domains.
    Enable Safari Domains: Enable this setting to set specific domains or hosts that open the secure VPN connection in the Safari browser. Add domains as needed. If you configure a VMware Tunnel Per-App Tunnel network traffic rule for the Safari app for macOS, Workspace ONE UEM disables this setting. The network traffic rules override any configured Safari Domain rules.
    Enable Mail Domains: Enable this setting to set specific domains or hosts that open the secure VPN connection in the Mail client. Add domains as needed.
    Enable Contact Domains: Enable this setting to set specific domains or hosts that open the secure VPN connection in the Contact domain. Add domains as needed.
    Enable Calendar Domains: Enable this setting to set specific domains or hosts that open the secure VPN connection in the Calendar domain. Add domains as needed.
    App Mapping: Enable this setting to allow specific applications to open a secure VPN connection. Add app bundle ID(s) for applications allowed to open a secure VPN connection.
  5. Configure Authentication information.
    User Authentication: Select the radio button to indicate how to authenticate end users through the VPN, through either password or RSA SecurID.
    Password: Enter the password for the VPN account.
    Machine Authentication: Select the type of machine authentication to authorize end users for the VPN access.
    Identity Certificate: Enter the credentials to authorize end users for the VPN connection (if Certificate is selected as machine authentication).
    Shared Secret: Enter the Shared Secret key to be provided to authorize end users for the VPN connection (if Shared Secret is selected as machine authentication).
    Proxy: Select either Manual or Auto as the proxy type to configure with this VPN connection.
    Server: Enter the URL of the proxy server.
    Port: Enter the port used to communicate with the proxy.
    Username: Enter the user name to connect to the proxy server.
    Password: Enter the password for authentication.
    Proxy Server Auto Config URL: Enter the proxy server auto configuration URL.
    Provider Designated Requirement: Use this field only when the VPN provider is implemented as a System extension.
  6. Select Save & Publish when you are finished to push the profile to devices.
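
To review a published profile against the Connection and Authentication choices above, the following added example (not VMware or Workspace ONE UEM code) audits the VPN payloads in an exported .mobileconfig file. It assumes the profile uses Apple's standard com.apple.vpn.managed payload keys; the sample profile, connection names, host names, and secrets are constructed placeholders.

```python
import plistlib

VPN_PAYLOAD = "com.apple.vpn.managed"  # Apple's VPN payload type

# Constructed sample profile: one weak L2TP payload and one certificate-based
# IPSec payload. Hosts, names and secrets are placeholders.
SAMPLE_PROFILE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
    {"PayloadType": VPN_PAYLOAD, "UserDefinedName": "legacy-l2tp", "VPNType": "L2TP",
     "PPP": {"CommRemoteAddress": "vpn.example.com", "AuthName": "jdoe",
             "AuthPassword": "placeholder"},
     "IPSec": {"AuthenticationMethod": "SharedSecret", "SharedSecret": b"placeholder"},
     "IPv4": {"OverridePrimary": 0}},
    {"PayloadType": VPN_PAYLOAD, "UserDefinedName": "corp-ipsec", "VPNType": "IPSec",
     "IPSec": {"RemoteAddress": "vpn.example.com", "AuthenticationMethod": "Certificate",
               "OnDemandEnabled": 1},
     "IPv4": {"OverridePrimary": 1}},
]})


def audit_vpn_profile(data: bytes) -> list:
    """Return (connection name, finding) pairs for every VPN payload in a profile."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != VPN_PAYLOAD:
            continue
        name = payload.get("UserDefinedName", "<unnamed>")
        # Settings live in per-protocol dictionaries inside the payload.
        ppp, ipsec, vpn = (payload.get(k, {}) for k in ("PPP", "IPSec", "VPN"))
        methods = {d.get("AuthenticationMethod") for d in (ipsec, vpn)} - {None}
        if payload.get("VPNType") == "PPTP":
            findings.append((name, "PPTP connection type"))
        if "SharedSecret" in methods:
            findings.append((name, "machine authentication uses a shared secret"))
        if any(k in d for d in (ppp, ipsec, vpn)
               for k in ("AuthPassword", "XAuthPassword", "SharedSecret")):
            findings.append((name, "credential embedded in the profile"))
        if not payload.get("IPv4", {}).get("OverridePrimary"):
            findings.append((name, "Send All Traffic is off"))
        if any(d.get("OnDemandEnabled") for d in (ipsec, vpn)) and "Certificate" not in methods:
            findings.append((name, "VPN On Demand without certificate authentication"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_vpn_profile(SAMPLE_PROFILE):
        print(f"{name}: {finding}")
```

Each finding is a prompt for review rather than a verdict: a split tunnel or a shared secret may be intentional, but it should be a documented choice.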