Netskope Help

Configure a Per-App VPN

By default all Netskope tenants are set to On-Demand iOS VPN. If you want to use the Per-App iOS VPN profile, contact your sales rep, professional services rep, customer success manager, or Support to have Per-App VPN enabled.

To configure a Per-App VPN:

  1. In the Mobile Iron Cloud admin console, select Configurations and click Add.

  2. Select Per-App VPN.

  3. Enter these parameters:

    • Connection Type: IPSec (Cisco)

    • Server: <VPN Server name from your Netskope tenant>

    • Account: Leave blank.

    • Machine Authentication: Certificate

    • Credential: Select the identity certificate you created.

    • Include User PIN: Off

    • Proxy Setup: Automatic

    • Proxy Server URL: <PAC URL from your Netskope tenant>

    • Enable VPN On Demand: On

    • Enable iOS Rules: On

    • On Demand Match App Enabled: Off

    • Provider Type: app-proxy

  4. When finished, click Save.

Select Apps for the Per-App VPN

To select apps for the Per-App VPN:

  1. In the Mobile Iron Cloud admin console, select Apps and click Add.

  2. Select App Catalog to go through the wizard to select the apps to be distributed to the devices.

  3. Select App Configurations, and then select Per-App VPN.

  4. Enter these parameters:

    • Name: Enter a name.

    • Enable Per-App VPN for this App: On

    • Dropdown list: Select the Per-App VPN configuration you created.

  5. When finished, click Update.

Distribute to Devices

To validate the device has the necessary configurations:

  1. In the Mobile Iron Cloud admin console, select Devices.

  2. Force device check-in.

  3. Select Configurations to view the device details.