To leverage the network extension framework for Pulse Mobile for iOS 7.0.0 and above, please create a new VPN Profile using the Custom SSL
option. In the following example, two VPN profiles (plugin and network extension) will be pushed to ensure the proper access for the certificate is available for Pulse Mobile for iOS 7.0.0 while leaving the existing certificate in the system keychain for other applications.
The identifier for network extension is net.pulsesecure.pulsesecure
- Login to MobileIron console
- From the top menu, select Policies & Configs > Configurations
- Using the search icon, search for the existing VPN profile
- From the list of results, select the checkbox for corresponding configuration
- Select Actions > Save As
- In the Name field, enter a friendly name for the profile
- For the connection type, change from Pulse Secure SSL to Custom SSL
- In the identifier field, enter net.pulsesecure.pulsesecure
- Click Save
- From the list, select the checkbox for the new configuration
- Select Actions > Apply To Label
- From the list of labels, select the applicable label to assign the configuration to iOS devices
- Click Apply
- Login to Airwatch WorkSpace One UEM console.
- From the left pane, click Devices > Profiles & Resources > Profiles
- From the right pane, select the radio button for the existing profile
- Select More Actions > Copy
- Under General, in the Name field, enter a friendly name to identify the network extension profile
- For Assigned Groups, ensure to assign the profile to the applicable group to ensure user get both profiles
- From the left pane, select VPN
- Under VPN, change Connection Type from Pulse Secure to Custom
- In the Identifier field, enter net.pulsesecure.pulsesecure
- Click Save & Publish
Create a Profile by following below steps as in screenshots with with VPN identifier field as net.pulsesecure.pulsesecure
To confirm if both profiles are pushed, navigate to Settings
> Device Management
> [Name of MDM profile] > More Details
. Under VPN Settings, there should be two settings.
For Pulse Mobile 6.8.0 users and below, the app only supports the plugin identifier and there is no behavior change for these users.
For Pulse Mobile 7.0.0 users and above, the app supports both plugin and network extension identifier. This will result in two connections appearing for every connection. Note : Pulse client UI will show the 2 connections one for Plugin and one for the Network extension,we can delete the Plugin Profile once devices have upgraded to 7.0.0 client, please do not delete the Plugin profile for devices which are still on 6.8.0 manually or from the MDM server.
Also Note: If only the profile with type "Pulse Secure" connection is pushed, then new users, even when their device is running iOS 12.0 or greater, and installing Pulse Client 7.0 or greater, will still not be able to use the certificates. This becomes important if users encounter the issue after upgrading, and fix it with the workaround of re-naming and re-pushing the VPN Profile. That workaround alone will fix the issue for existing users who upgrade; but new users registering new devices will still encounter the problem on initial installation unless the profile is also updated to use "custom VPN".