Netskope Help

Configure AirWatch for iOS VPN

A VPN profile is required for sending traffic to Netskope’s gateway for advanced DLP and risk analytics. In iOS, a VPN profile can be created for On-Demand or Per-App VPN. You should already have a configuration of AirWatch with a Certificate Authority and Template with the Subject Name in PEM format to generate user certificates for VPN authentication.

Root CA and any intermediate CA certificates used for issuing device certificates have to be configured in the Netskope VPN server so that the Netskope VPN server can validate the user certificates when the device connects to the Netskope VPN server.

Important

Please retrieve any certificate chains from your Certificate Authority and provide them to the Netskope support team.

The steps required to get the needed certificate information are:

  1. Create a Certificate Authority using SCEP to issue device certificates.

  2. Create a Certificate Template with Subject Name in a specific format.

  3. Upload Certificates to Netskope.

  4. Download Netskope Certificates.

For information about iOS VPN fail-open, refer to iOS VPN Fail Open.