Reset Search
 

 

Article

KB43870 - Create VPN profile for Network Extension for Pulse Mobile for iOS 7.0.0

« Go Back

Information

 
Last Modified Date8/22/2018 9:36 PM
Synopsis
This article provides step-by-step instructions how to create a VPN profile to leverage the Network Extension framework for Pulse Mobile for iOS 7.0.0.
Problem or Goal
There are two scenarios where pushing the network extension profile is recommended:
  1. One certificate is leverage by the VPN profile and other applications.  Due to the certificate migration process (as part of Pulse Mobile for iOS 7.0.0 and above), this will negatively impact other applications.
  2. Provision new devices using a MDM vendor where the VPN profile is installed before the Pulse Mobile app and the same certificate is leverage by the VPN profile and other applications.  In this case, certificate will be installed in the system keychain and certificate migration will occur after the Pulse Mobile app is installed.
In both scenarios, if the network extension profile is pushed to the device via MDM, the certificate migration will not occur by iOS and prevent the certificate permission issue with other applications.
Cause
Solution
To leverage the network extension framework for Pulse Mobile for iOS 7.0.0 and above, please create a new VPN Profile using the Custom SSL option.  In the following example, two VPN profiles (plugin and network extension) will be pushed to ensure the proper access for the certificate is available for Pulse Mobile for iOS 7.0.0 while leaving the existing certificate in the system keychain for other applications.

The identifier for network extension is net.pulsesecure.pulsesecure

MOBILEIRON

  1. Login to MobileIron console
  2. From the top menu, select Policies & Configs > Configurations
  3. Using the search icon, search for the existing VPN profile
  4. From the list of results, select the checkbox for corresponding configuration
  5. Select Actions > Save As
User-added image
  1. In the Name field, enter a friendly name for the profile
  2. For the connection type, change from Pulse Secure SSL to Custom SSL
User-added image
  1. In the identifier field, enter net.pulsesecure.pulsesecure
User-added image
  1. Click Save
  2. From the list, select the checkbox for the new configuration
  3. Select Actions > Apply To Label
  4. From the list of labels, select the applicable label to assign the configuration to iOS devices
  5. Click Apply
User-added image
 

AIRWATCH

  1. Login to Airwatch WorkSpace One UEM console.
  2. From the left pane, click Devices > Profiles & Resources > Profiles
User-added image
  1. From the right pane, select the radio button for the existing profile
  2. Select More Actions > Copy
User-added image
  1. Under General, in the Name field, enter a friendly name to identify the network extension profile
  2. For Assigned Groups, ensure to assign the profile to the applicable group to ensure user get both profiles
  3. From the left pane, select VPN
  4. Under VPN, change Connection Type from Pulse Secure to Custom
  5. In the Identifier field, enter net.pulsesecure.pulsesecure
User-added image
 
  1. Click Save & Publish
 
MICROSOFT INTUNE

Create a Profile by following below steps as in screenshots with with VPN identifier field as net.pulsesecure.pulsesecure

User-added image

User-added image


To confirm if both profiles are pushed, navigate to Settings > General > Device Management > [Name of MDM profile] > More Details.  Under VPN Settings, there should be two settings.


User-added image

For Pulse Mobile 6.8.0 users and below, the app only supports the plugin identifier and there is no behavior change for these users.

For Pulse Mobile 7.0.0 users and above, the app supports both plugin and network extension identifier.  This will result in two connections appearing for every connection.  

Note : Pulse client UI will show the 2 connections one for Plugin and one for the Network extension,we can delete the Plugin Profile once devices have upgraded to 7.0.0 client, please do not delete the Plugin profile for devices which are still on 6.8.0 manually or from the MDM server.
Related Links
Attachment 1 
Created ByK. Kitajima

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255