To set up a GlobalProtect VPN using Workspace ONE for iOS, follow these steps:
1. Download the GlobalProtect App
- Obtain the GlobalProtect app for iOS from the Apple App Store or deploy it through Workspace ONE.
2. Access the Workspace ONE Console
- Log into the Workspace ONE UEM console and navigate to the Devices section.
3. Create or Modify an iOS Profile
- Go to Profiles & Resources > Profiles and select Add to create a new profile or modify an existing one.
- Choose iOS as the platform.
4. Configure General Settings
- Enter a Name for the profile.
- Optionally, add a brief Description to indicate the profile's purpose.
- Select the Deployment method (Managed or Manual) and the Assignment Type (Auto or Manual).
5. Set Up VPN Configuration
- In the VPN settings:
  - Connection Name: Enter a name that will be displayed on the endpoint.
  - Connection Type:
    - For GlobalProtect app versions 4.1.x and earlier, select Palo Alto Networks GlobalProtect.
    - For GlobalProtect app version 5.0 and later, select Custom and enter the bundle ID as `com.paloaltonetworks.globalprotect.vpn` (or `com.paloaltonetworks.globalprotect.vpncn` if using the app from the App Store in China).
  - Server: Enter the hostname or IP address of the GlobalProtect portal.
  - Authentication: Set the user authentication method to Certificate. Select the Identity Certificate that GlobalProtect will use for authentication.
- Optional settings include specifying a Disconnect on idle time and enabling Per App VPN Rules to route traffic for managed apps through the VPN.
6. Configure Additional Settings (Optional)
- Set up Proxy settings if required.
- If your deployment requires HIP integration with MDM, specify the unique device identifier (UDID) attribute.
7. Save and Publish the Profile
- After configuring all necessary settings, click Save and then Publish the profile to deploy it to the designated devices.
8. Testing the Configuration
- Once the profile is deployed, test the GlobalProtect VPN by launching the app on an enrolled iOS device. Ensure that the VPN connects automatically when accessing managed applications.
By following these steps, you can effectively configure GlobalProtect VPN access for iOS devices using Workspace ONE, ensuring that managed applications can securely route traffic through the VPN tunnel.
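
Before publishing, the settings from step 5 can be checked against the profile itself. The script below is an added example, not part of the original guide or of Palo Alto Networks or Workspace ONE tooling. It assumes the profile is available as an unsigned `.mobileconfig` plist that uses Apple's standard VPN payload keys; `lint_profile`, `sample_profile`, the portal hostname and the UUIDs are constructed for illustration.

```python
import plistlib

# Bundle IDs the page gives for the Custom connection type (GlobalProtect 5.0+).
GP_BUNDLE_IDS = {"com.paloaltonetworks.globalprotect.vpn",
                 "com.paloaltonetworks.globalprotect.vpncn"}
VPN_PAYLOADS = {"com.apple.vpn.managed", "com.apple.vpn.managed.applayer"}
IDENTITY_PAYLOADS = {"com.apple.security.pkcs12", "com.apple.security.scep",
                     "com.apple.security.acme"}  # Apple identity payload types


def lint_profile(data: bytes) -> list:
    """Return findings for the VPN payloads in an unsigned .mobileconfig plist."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_PAYLOADS}
    vpns = [p for p in payloads if p.get("PayloadType") in VPN_PAYLOADS]
    findings = [] if vpns else ["no VPN payload in profile"]
    for p in vpns:
        name, vpn = p.get("UserDefinedName", "<unnamed>"), p.get("VPN", {})
        if p.get("VPNType") != "VPN" or p.get("VPNSubType") not in GP_BUNDLE_IDS:
            findings.append(f"{name}: not Custom type with a GlobalProtect bundle ID")
        if not vpn.get("RemoteAddress"):
            findings.append(f"{name}: portal address (Server) is empty")
        if vpn.get("AuthenticationMethod") != "Certificate":
            findings.append(f"{name}: authentication is not Certificate")
        elif vpn.get("PayloadCertificateUUID") not in identities:
            findings.append(f"{name}: identity certificate payload missing")
    return findings


def sample_profile(auth="Certificate", cert_ref="CERT-0001") -> bytes:
    """Constructed sample; portal.example.com and the UUIDs are placeholders."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.pkcs12", "PayloadUUID": "CERT-0001"},
            {"PayloadType": "com.apple.vpn.managed", "PayloadUUID": "VPN-0001",
             "UserDefinedName": "Corp GlobalProtect", "VPNType": "VPN",
             "VPNSubType": "com.paloaltonetworks.globalprotect.vpn",
             "VPN": {"RemoteAddress": "portal.example.com",
                     "AuthenticationMethod": auth,
                     "PayloadCertificateUUID": cert_ref}},
        ],
    })


if __name__ == "__main__":
    for blob in (sample_profile(), sample_profile(auth="Password")):
        print(lint_profile(blob) or "OK")
```

A profile that falls back to password authentication or references a certificate payload that is not bundled in the same profile is reported by name, which catches the two most common reasons the tunnel fails to come up unattended on the device.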