James_124437
Nimbostratus
Oct 23, 2013iOS 7 - Per App VPN
Does F5 support the per app VPN available now on iOS 7?
If so, can each app authenticate as different "users"?
Apple Documentation: Profile Configurations
Does F5 support the per app VPN available now on iOS 7?
If so, can each app authenticate as different "users"?
Apple Documentation: Profile Configurations
You may want to connect the iPCU and check the console logs.. also on the apm logs.
http://support.omnigroup.com/ios-console-log
Brad,
Perhaps it is worth opening a ticket with support on this. Per-App VPN will only fire automatically when you have On-demand VPN configured and working properly, else you have to establish it manually via EDGE client and then launch the App
We are trying to get the per-app VPN working. The application is Epic Haiku. The MDM provider is MobileIron. The application was to a point where it did fireup the VPN connection, but the application was not sending through the VPN.. actually it wasn't able to send data anywhere (we had a tcpdump on the wireless controller). AT that time everything BUT that application was working via the SSLVPN tunnel.
From above, I realized that the desktop and network profile needed to be removed and the 'VDI & Java Support' checked for the virtual server. We did that. Then we found that the application firing up didn't establish the SSLVPN connection any longer.
Not sure this is an active thread.. Thanks for any insights. Brad Hanson, HealthPartners, Bloomington, Minnesota (I apologize for cross posting this on another thread first-- this was the thread that it probably should have gone on).
James, from APM side, is it just set a Network Access? How about the logon setting?
Thanks and good to know that Safari is enabled by default. I'm going to setup the Per-App VPN using MobileIron. Any experience and tips to config. both APM & MobileIron?
Thanks Michael. For Per-App VPN, my understanding is this feature required the mobile app support. Is it a list of supported app? If the app is not supported, is it using Mobile SDK to make it work with APM?
You don't need the Network Access Object on APM in order to use Per-App VPN - you just need to check "VDI & Java Support" on the Virtual server. Per-App VPN and Full Network Tunnel VPN are mutually exclusive - you currently can't have both on the same virtual server.
You don't need the Network Access Object on APM in order to use Per-App VPN - you just need to check "VDI & Java Support" on the Virtual server. Per-App VPN and Full Network Tunnel VPN are mutually exclusive - you currently can't have both on the same virtual server.
Is it means that from APM side, we just need to configure the normal Network Access and let the MDM Vendor configure the Per-app VPN profile only?
MDM vendors need to specify the proper configuration in their software to enable F5 EDGE client Per-App VPN functionality.
Specifically, to specify that Per-App VPN is going to be used, they should specify the PerAppVpn key PerAppVpntrue in the configuration profile's VendorConfig section of the Per-app VPN profile.
If you are having difficulties with Per-App VPN functionality, please open a case with your MDM vendor and ask them to verify that they are sending this key as part of the F5 EDGE client per-App VPN configuration.