Kaspersky Secure Mobility Management

Configuring a virtual private network (VPN)

This section contains information on configuring virtual private network (VPN) settings for secure connection to Wi-Fi networks.

In this section

Configuring VPN on Android devices (only Samsung)

Configuring VPN on iOS MDM devices

Configuring Per App VPN on iOS MDM devices


Configuring VPN on Android devices (only Samsung)

To securely connect an Android device to Wi-Fi networks and protect data transfer, you should configure the settings for VPN (Virtual Private Network).

Configuration of VPN is possible only for Samsung devices running Android 11 or earlier.

The following requirements should be considered when using a virtual private network:

  • The app that uses the VPN connection must be allowed in Firewall settings.
  • Virtual private network settings configured in the policy cannot be applied to system applications. The VPN connection for system applications has to be configured manually.
  • Some applications that use the VPN connection need to have additional settings configured at first startup. To configure settings, the VPN connection has to be allowed in application settings.

To configure VPN on a user's mobile device:

  1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking any column.

    Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

  4. In the policy Properties window, select the Manage Samsung KNOX → Manage Samsung devices section.
  5. In the VPN section, click the Configure button.

    This opens the VPN network window.

  6. In the Connection type drop-down list, select the type of VPN connection.
  7. In the Network name field, enter the name of the VPN tunnel.
  8. In the Server address field, enter the network name or IP address of the VPN server.
  9. In the DNS search domain(s) list, enter the DNS search domain to be automatically added to the DNS server name.

    You can specify several DNS search domains, separating them with blank spaces.

  10. In the DNS server(s) field, enter the full domain name or IP address of the DNS server.

    You can specify several DNS servers, separating them with blank spaces.

  11. In the Routing field, enter the range of network IP addresses with which data is exchanged via the VPN connection.

    If the range of IP addresses is not specified in the Routing field, all internet traffic will pass through the VPN connection.

  12. Additionally configure the following settings for networks of the IPSec Xauth PSK and L2TP IPSec PSK types:
    1. In the IPSec shared key field, enter the password for the preset IPSec security key.
    2. In the IPSec ID field, enter the name of the mobile device user.
  13. For an L2TP IPSec PSK network, additionally specify the password for the L2TP key in the L2TP key field.
  14. For a PPTP network, select the Use SSL connection check box so that the app will use the MPPE (Microsoft Point-to-Point Encryption) method of data encryption to secure data transmission when the mobile device connects to the VPN server.
  15. Click the Apply button to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
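The effect of the Routing and DNS server(s) fields from steps 10 and 11, as an added example (not Kaspersky code): it checks planned field values before they are entered in the policy and reports whether the result is a full or split tunnel. It assumes ranges are written as space-separated CIDR blocks; the function names and sample values are constructed for illustration.

```python
import ipaddress

def parse_routing(field):
    """Networks entered in the Routing field; an empty list means full tunnel.
    Assumption: ranges are CIDR blocks separated by spaces."""
    return [ipaddress.ip_network(item, strict=True) for item in field.split()]

def via_vpn(destination, routed):
    """True if traffic to the IP address `destination` uses the VPN connection."""
    if not routed:  # Routing left empty: all internet traffic goes via VPN
        return True
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in routed)

def review(settings):
    """Return review findings for planned policy field values."""
    try:
        routed = parse_routing(settings.get("routing", ""))
    except ValueError as exc:
        return [f"Routing: {exc}"]
    if routed:
        findings = ["split tunnel: " + ", ".join(str(n) for n in routed)]
    else:
        findings = ["full tunnel"]
    # DNS server(s) is a space-separated list of IP addresses or domain names.
    for server in settings.get("dns_servers", "").split():
        try:
            inside = via_vpn(server, routed)
        except ValueError:
            findings.append(f"DNS server {server} is a name; check it manually")
            continue
        if not inside:
            findings.append(f"DNS server {server} is outside the routed range")
    return findings

# Constructed sample values (documentation/private address ranges).
SAMPLE = {
    "routing": "10.20.0.0/16",
    "dns_servers": "10.20.0.53 192.0.2.53 dns.corp.example",
}

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A DNS server reported as outside the routed range is not among the addresses with which data is exchanged via the VPN connection, so either widen the range or choose a resolver inside it.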


Configuring VPN on iOS MDM devices

To connect an iOS MDM device to a virtual private network (VPN) and protect data during the connection to the VPN, configure the VPN connection settings. The IKEv2 and IPSec VPN protocols also let you set up a VPN connection for selected website domains in Safari.

To configure the VPN connection on a user's iOS MDM device:

  1. In the console tree, in the Managed devices folder, select the administration group to which the iOS MDM devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking any column.

    Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

  4. In the policy Properties window, select the VPN section.
  5. Click the Add button in the VPN configurations section.

    This opens the VPN configuration window.

  6. In the Network name field, enter the name of the VPN tunnel.
  7. In the Connection type drop-down list, select the type of VPN connection:
    • L2TP (Layer 2 Tunneling Protocol). The connection supports authentication of the iOS MDM device user using MS-CHAP v2 passwords, two-factor authentication, and automatic authentication using a public key.
    • PPTP (Point-to-Point Tunneling Protocol). The connection supports authentication of the iOS MDM device user using MS-CHAP v2 passwords and two-factor authentication.

      The PPTP connection is no longer supported.

    • IKEv2 (Internet Key Exchange version 2). The connection establishes the Security Association (SA) attribute between two network entities and supports authentication using EAP (Extensible Authentication Protocol), shared secrets, and certificates.
    • IPSec (Cisco). The connection supports password-based user authentication, two-factor authentication, and automatic authentication using a public key and certificates.
    • Cisco AnyConnect. The connection supports the Cisco Adaptive Security Appliance (ASA) firewall of version 8.0(3).1 or later. To configure the VPN connection, install the Cisco AnyConnect app from App Store on the iOS MDM device.
    • Juniper SSL. The connection supports the Juniper Networks SSL VPN gateway, Series SA, of version 6.4 or later with the Juniper Networks IVE package of version 7.0 or later. To configure the VPN connection, install the JUNOS app from App Store on the iOS MDM device.
    • F5 SSL. The connection supports F5 BIG-IP Edge Gateway, Access Policy Manager, and Fire SSL VPN solutions. To configure the VPN connection, install the F5 BIG-IP Edge Client app from App Store on the iOS MDM device.
    • SonicWALL Mobile Connect. The connection supports SonicWALL Aventail E-Class Secure Remote Access devices of version 10.5.4 or later, SonicWALL SRA devices of version 5.5 or later, as well as SonicWALL Next-Generation Firewall devices, including TZ, NSA, E-Class NSA with SonicOS of version 5.8.1.0 or later. To configure the VPN connection, install the SonicWALL Mobile Connect app from App Store on the iOS MDM device.
    • Aruba VIA. The connection supports Aruba Networks mobile access controllers. To configure them, install the Aruba Networks VIA app from App Store on the iOS MDM device.
    • Custom SSL. The connection supports authentication of the iOS MDM device user using passwords and certificates and two-factor authentication.
  8. In the Server address field, enter the network name or IP address of the VPN server.
  9. In the Account name field, enter the account name for authorization on the VPN server. You can use macros from the Macros available drop-down list.
  10. Configure the security settings for the VPN connection according to the selected type of virtual private network. For information about these settings, refer to the context help of the administration plug-in.
  11. For IKEv2 and IPSec connections, if necessary, set up Per App VPN functionality for supported system apps (Email, Calendar, Safari, and Contacts). For details, refer to the Configuring Per App VPN on iOS MDM devices section or the context help of the administration plug-in.
  12. If necessary, configure the settings of the VPN connection via a proxy server:
    1. Select the Proxy server settings tab.
    2. Select the proxy server configuration mode and specify the connection settings.
    3. Click OK.

    As a result, the settings of the device connection to a VPN via a proxy server are configured on the iOS MDM device.

  13. Click OK.

    The new VPN is displayed in the list.

  14. Click the Apply button to save the changes you have made.

As a result, a VPN connection will be configured on the user's iOS MDM device once the policy is applied.


Configuring Per App VPN on iOS MDM devices

The Per App VPN functionality allows a device to establish a VPN connection when supported system apps (Email, Calendar, Safari, and Contacts) are launched. This functionality is available for IKEv2 and IPSec connections.

To enable the Per App VPN functionality:

  1. Perform the initial setup of the VPN connection. For more details on the pre-configuring process, please refer to the Configuring VPN on iOS MDM devices section.
  2. Select the Enable Per App VPN check box.

Set up Per App VPN for supported system apps (Email, Calendar, Safari, and Contacts) in the corresponding policy sections.

When you select the Enable Per App VPN check box, the Turn on VPN automatically for system apps check box becomes available and is also selected. This means that the device will automatically activate the VPN connection when associated system apps initiate network communication.

To specify the Per App VPN configuration for the Email, Calendar, and Contacts apps:

  1. Go to the corresponding policy section.
  2. Click Add to create a new account or select the existing account in the list and click Edit.
  3. In the Per App VPN settings section, select the Enable Per App VPN (iOS 14+) check box.
  4. Choose this Per App VPN configuration from the Select Per App VPN configuration drop-down list and click OK to save the changes.

To specify the Per App VPN configuration for Safari:

  1. Go to the Safari policy section.
  2. Click Add.

    The Adding domain for Safari window opens.

  3. Choose this Per App VPN configuration from the Per App VPN configuration drop-down list.
  4. In the Domain for the VPN connection that will be activated field, specify the website domain that will trigger the VPN connection in Safari. The domain should be in the "www.example.com" format.
  5. Click OK to add the domain to the list.
