App to VPN assignment

Introduction #

When setting up a cross-device VPN, all device data is routed through the private network. Sometimes, a company may want to set up a VPN only for their enterprise applications. Apple allows VPN connections to be set up for iPhones, iPads and MacBooks on an app-by-app basis. Here, administrators can control exactly what data flows through the VPN. The policy configuration of an app-to-VPN mapping helps organizations keep app-level traffic apart, allowing for the separation of personal and corporate data.

Prerequisite #

An app-to-VPN association can be set up directly through Relution. This only works for apps that are installed and managed by the MDM on the devices. In addition, administrators can also configure VPN connections to automatically establish VPN connections for specific domains when a corresponding app requests a network connection.

Relution supports the following connection types for establishing a VPN connection on iOS and macOS devices:

• IPSec
• JuniperSSL
• SonicWALL
• AnyConnect Legacy
• AnyConnect
• IKEv2
• Custom SSL.

How to configure app-to-VPN for iOS and macOS devices. #

1. Two policy configurations are required to set up used VPN for individual apps:

   • VPN
   • App-to-VPN mapping.

   

2. Within the VPN configuration, the option VPN connection for apps and accounts has to be activated and depending on the VPN type, all necessary fields have to be filled in.

   

3. Within the configuration app-to-VPN-association, apps can be defined for stored VPN connection.

   

4. Additional domain and email settings are possible in the VPN configuration under Per-Account-VPN.