Reset Search
 

 

Article

KB40328 - How to configure Per-App VPN for Pulse Mobile for iOS with Pulse Workspace and Pulse Connect Secure (PCS) device

« Go Back

Information

 
Last Modified Date12/20/2016 11:03 PM
Synopsis
This article provides the step-by-step instructions how to configure Per-App VPN Pulse Mobile for iOS with Pulse Workspace (PWS) and Pulse Connect Secure (PCS) device.
Problem or Goal
Cause
Solution

Prerequisite(s):

  • Pulse Workspace or other third-party MDM solution (MobileIron and AirWatch instructions can be found here)
  • Existing Pulse Connect Secure (PCS) device running 7.2 or later
  • Recommended:  Vpn On Demand (VOD) configuration with certificate authentication.  If VOD is not configured, Per-App Vpn tunnel must be manually launched using the Pulse mobile app.

Note:  For PCS 8.0R5 to 8.0R11 and 8.1R1 to 8.1R4, PAC license (Pulse AppConnect license) is required for each physical device that does accept AppConnect tunnels from mobile devices. (*Virtual Connect Secure deployments do not currently require the PAC license.)
 

Section 1:  Pulse Workspace Configuration
Section 2:  Pulse Connect Secure Configuration

​​

Pulse WorkSpace Configuration:

  1. Login to Pulse Workspace admin console.
  2. From the top menu bar, select Policies.
  3. From the left pane, select Add.
User-added image
  1. In the Policy Name field, enter a friendly name to help identify the policy.
  2. In the Has user tag and LDAP group fields, enter the user tag or LDAP groups to apply the policy to.  These options can be modified in the future.
User-added image
  1. Click Save.
  2. From the left pane, click on the friendly name for the policy.
User-added image
  1. From the right pane, click the Properties tab.
User-added image
  1. Under Policy Name, navigate to the VPN section and configure the following options:
    • VPN Host = Sign-in page of the PCS device (fully qualified domain name or IP address)
    • VPN Type = Pulse SSL
    • Optional (VOD): VPN Safari Domains = Domain name(s) to automatically launch the tunnel (also referred to as VPN On Demand) **
    • Optional (VOD): VPN Certificate Auth = Client certificate will be deployed to WorkSpace endpoints to support VOD scenario **
    • Optional: VPN Realm = Realm name configure on the PCS device
    • Optional: VPN Role = Role name configured on the PCS device
** For VPN On Demand (VOD) to properly work, this does require a certificate auth server to be configured on the PCS device.  For more instructions, please refer to KB40360 - VPN On Demand with Pulse WorkSpace and Pulse Connect Secure
 
User-added image
  1. From the right pane, click the iOS App Rules tab.
User-added image
  1. Click Add.
User-added image
  1. Under Add App Rule, enter the app name in the search box and hit the Enter key.
  2. From the list, select the app to configure for Per-App VPN.
  3. Click Next.
User-added image
  1. For Rule Type, leave as Add.
  2. For Network Access, select Per App VPN.
  3. Click Save.
User-added image

Per-App VPN configuration is complete for Pulse Workspace.  The policy will remain in edited state until the policy is published.  The administrator may make additional policies changes prior to pushing the policy.  Once all changes are completed, click Publish button.

User-added image

For additional Pulse Workspace help documentation, please click here.




Pulse Connect Secure (PCS) Configuration:

  1. Login to PCS admin console.
  2. Navigate to Users > User Roles > New Role.
User-added image
  1. In the Name field, enter a friendly name for the Per-App VPN role.
  2. Under Access features, select the checkbox for Secure Application Manager > Windows Version and VPN Tunneling.
User-added image
  1. Click Save Changes.
  2. Navigate to Users > Resource Profiles > WSAM Destinations > New Profile.
User-added image
 
  1. For the Name field, enter a friendly name for the profile.
  2. Under Destination, enter the list of IP addresses to tunnel through the Per-App VPN tunnel.  (Note:  FQDN names are supported starting in 8.2R3 and above for the Per-App tunnel)
User-added image
  1. Click Save and Continue.
  2. Under Available Roles list, select the role created for Per-App VPN (above), then click Add.
User-added image
  1. Click Save Changes.
Administrator may create a new sign-in page and user realm or use an existing sign-in page and user realm for Per-App VPN role.  (Note:  Sign-in page and User realm will need to match step 8 in the PWS configuration)
 

Optional configuration for VPN On Demand:

Please refer to KB40360 - VPN On Demand with Pulse WorkSpace and Pulse Connect Secure
Related Links
Attachment 1 
Created ByDarryl Wong

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255