VPN

The VPN settings provide settings for a Virtual Private Network (VPN) on an Android device.

VPN configuration settings

The following table describes the VPN settings that you can configure on a device:

Policy setting Description Supported devices
Enable Always on VPN If this setting is turned on, MaaS360 ensures that device connects to VPN at all times. When the device is rebooted, the VPN is automatically re-initiated.
Note: Prior to setting up the Always on VPN, you must ensure that the base VPN connection is applied to the device.
To set up the Always On VPN, you can choose from a list of predefined VPN connection types or manually enter the VPN package name.
Note: If you configure both VPN Type and Always on Package Name, then the VPN Type is applied on the device.
  • VPN Type: Select one of the following predefined VPN connection types:
    • F5 Edge Client
    • Pulse Secure
    • IBM® MaaS360® VPN
    • Cisco AnyConnect
    • Aruba VIA®
  • Always on VPN Package Name: Provide a VPN Package name. This configuration is applied only if a VPN Type is not selected.
Android 7.0+ PO and DO
Enable Lockdown

The device is restricted from accessing the internet without the VPN. If the VPN connection drops, the device won’t be able to access the internet until the VPN is reconnected.

 Android 7.0+ PO and DO

The Exempt applications from Always on VPN Lockdown field is displayed when you select the Enable Lockdown.

You can add the app IDs in this field to exempt applications from VPN lockdown. MaaS360 allows users to access these configured applications even if VPN is not connected in the device.

 Android 10.0+ (PO & DO)
Add VPN configuration F5 Edge Client
  • Profile name (required)
  • Server address (required)
  • Logon mode (required): Native or Web Logon
  • Authentication type (required): Password, Certificate, or Certificate + Password
  • Allow users to update VPN profile: If you disable this setting, users cannot modify this setting on the device.
  • Type:
    • App Level: per app VPN
    • Container Level: Blocklist apps that cannot use the VPN.
 Android 5.0+ PO and DO
Pulse Secure
  • Profile name (required)
  • Server address (required)
  • Username: Leave this field blank to automatically fill the field from the MaaS360 user record.
  • Authentication type: Password, Certificate, or Certificate + Password
  • Realm
  • Role
  • Type:
    • App Level: per app VPN
    • Container Level: Blocklist apps that cannot use the VPN.
 Android 5.0+ PO and DO
IBM MaaS360 VPN
  • VPN connection name (required)
  • Select VPN server: Pulls server information from configured Cloud Extenders.
  • Type:
    • App Level: per app VPN
    • Container Level: Blocklist apps that cannot use the VPN.
  • Maximum connection duration: The values are 1 -24 hours. If you do not enter a value, the connection is not terminated.
  • Terminate inactive connection after 5 - 60 minutes: This setting applies only if Always On is not configured.
 Android 5.0+ PO and DO
Cisco AnyConnect
  • VPN connection name (required)
  • Host name of the VPN server (required)
  • Prompt user to install Cisco AnyConnect from the Google Play Store
  • Certificate mode: Disabled, automatic, or manual
 Android 5.0+ PO and DO
Aruba VIA
  • VIA Controller Domain or IP Address (required)
  • Username: Leave this field blank to automatically fill the field from the MaaS360 user record.
  • Domain: Leave this field blank to automatically fill the field from the MaaS360 user record.
  • VIA Auth Profile: The Virtual Internet Access (VIA) authentication profile that authenticates VIA users to a server group.

    This setting is required if you are using different authentication profiles for different users.

  • Identity certificates: The identity certificate that is used to identify a configured VPN as a legitimate VPN connection.

    This setting requires that the Passcode policy is also configured on the device.

 Android 5.0+ PO and DO