Netskope Help

Configure the On-Demand VPN Profile

To configure an on-demand VPN profile:

  1. In the MobileIron Core UI, go to Policies & Configs > Add New > VPN.

  2. Enter these parameters:

    • Name: Enter your VPN connection profile name.

    • Connection Type: IPSec (Cisco).

    • Server: Enter the Netskope VPN server name from the VPN Configuration section in the Netskope UI (Settings > Security Cloud Platform > Netskope Client > MDM Distribution).

    • Proxy: Automatic from Proxy

    • Proxy Server URL: Enter the PAC URL value from the VPN Configuration section in the Netskope UI.

    • Username: $EMAIL$.

    • User Authentication: Certificate.

    • Identity Certificate: Select the Certificate Name (defined in the Configuring Local Certification Enrollment section) from the dropdown list.

    • XAuth Enable: Enable the checkbox.

    • Password: $EMAIL$.

    • VPN On-Demand: Enable the checkbox. VPN starts whenever your users try to access the configured domain.

  3. Scroll down to On-Demand Rules (iOS7 and later) and click Add+ to create the Domain Based Rules. These are the domains that trigger the on-demand VPN; they must be configured for devices running iOS 7 and later.

  4. For On-Demand Action, select Evaluate Connection.

  5. For matching rules, select URL String Probe and set the value from the MDM Distribution page in the Netskope UI.

  6. Click Add+ under the Action Parameters box.

  7. For Domain Action, select Connect if needed.

  8. Click Add+, and then add the SaaS domain names. Get the domain names for each SaaS app from the MDM Distribution page by clicking Download Domain List in the Create VPN Configuration section.

  9. After adding the on-demand domains, add another entry for Required URL Probe with the value: . Click OK.

  10. Set the Default Rule as Disconnect.

  11. When finished, click Save.
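A check for the resulting profile, as an added example that is not from the Netskope or MobileIron documentation: it parses an unsigned iOS configuration profile and reports where the on-demand settings differ from the steps above. The key names are Apple's configuration profile keys; that the UI fields map to them as shown is an assumption, and the host names, domains and probe URLs are constructed placeholders.

```python
import plistlib

# Constructed sample profile; every host name and URL below is a placeholder.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadContent": [{
        "PayloadType": "com.apple.vpn.managed",
        "VPNType": "IPSec",
        "IPSec": {
            "RemoteAddress": "vpn.example.invalid",
            "AuthenticationMethod": "Certificate",
            "XAuthEnabled": 1,
            "OnDemandEnabled": 1,
            "OnDemandRules": [
                {"Action": "EvaluateConnection",
                 "URLStringProbe": "https://probe.example.invalid/",
                 "ActionParameters": [{
                     "Domains": ["saas-app.example.invalid"],
                     "DomainAction": "ConnectIfNeeded",
                     "RequiredURLStringProbe": "https://probe.example.invalid/req"}]},
                {"Action": "Disconnect"},  # default rule: no matching criteria
            ],
        },
    }],
})

def audit_on_demand(profile_bytes):
    """Return a list of findings; an empty list means the payload matches the steps."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    vpn = [p for p in payloads if p.get("PayloadType") == "com.apple.vpn.managed"]
    if not vpn:
        return ["no VPN payload in profile"]
    findings = []
    ipsec = vpn[0].get("IPSec", {})
    if ipsec.get("AuthenticationMethod") != "Certificate":
        findings.append("user authentication is not Certificate")
    if not ipsec.get("OnDemandEnabled"):
        findings.append("VPN On-Demand is not enabled")
    rules = ipsec.get("OnDemandRules", [])
    evaluate = [r for r in rules if r.get("Action") == "EvaluateConnection"]
    if not any(r.get("URLStringProbe") for r in evaluate):
        findings.append("no EvaluateConnection rule matched by URL String Probe")
    params = [p for r in evaluate for p in r.get("ActionParameters", [])]
    if not any(p.get("DomainAction") == "ConnectIfNeeded" and p.get("Domains") for p in params):
        findings.append("no ConnectIfNeeded entry with domains")
    if not any(p.get("RequiredURLStringProbe") for p in params):
        findings.append("no Required URL Probe set")
    if not rules or rules[-1].get("Action") != "Disconnect":
        findings.append("default rule is not Disconnect")
    return findings
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before `plistlib` can read it.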

Distribute to Devices

  1. Select the following from the Policies & Configs page:

    • SCEP Profile Name

    • Netskope Root CA Public Key

    • Customer Intermediate CA Public Key

    • VPN Profile

  2. Select Apply to Label in the More Actions dropdown list for devices. When the Apply to Label window opens, select iOS and click Apply.

  3. To verify that the VPN works, launch a managed app (such as Box). On iOS devices, the VPN icon appears at the top of the status bar.