Netskope Help

Create a Per-App VPN Profile

By default all Netskope tenants are set to On-Demand iOS VPN. If you want to use the Per-App iOS VPN profile, contact your sales rep, professional services rep, customer success manager, or Support to have Per-App VPN enabled.

You need to know the VPN Server Name and PAC URL shown in the VPN Configuration section of the Netskope UI (Settings > Security Cloud Platform > Netskope Client > MDM Distribution) to complete these steps.

To create a Per-App VPN profile:

Creating Per-App VPN Profile
  1. Go to Devices > Configuration Profiles > Create Profile.

  2. In the Basics tab of the VPN panel, provide a name for the profile and click Next.

    • Name: Enter a unique name.

    • Platform: iOS

    • Profile type: VPN

  3. In the Base VPN panel, enter and select these parameters:

    • Connection Type: Cisco (IPSec).

    • In the Base VPN section, enter and select these parameters:

      • Connection Name: Enter a name that users will recognize when the profile is installed on their device.

      • VPN Server address: Enter the VPN Server Name from the VPN Configuration section in the Netskope tenant WebUI.

      • Authentication Method: Certificates.

      • Authentication Certificate: Click Select a client authentication certificate, select the SCEP certificate profile you previously created, and then click OK.

      • Split Tunneling: Disabled

  4. In the Automatic VPN section, enter and select these parameters:

    • For Type of automatic VPN, select Per-app VPN.

    • Safari URLs that will trigger this VPN: Add the domains for per-app VPN, such as Box.com, separated by commas. After entering the URLs, click Add.

  5. In the Proxy section, for Automatic Configuration Script, enter the PAC URL from the VPN Configuration section in the Netskope tenant WebUI. Click Next to continue.

  6. In the Assignments tab, select your target audience for this profile. Click Next to continue.

  7. In the Review + Create tab, verify your settings and click Create.

  8. Associate the Per-App VPN profile with the applications to steer through the VPN connection. Go to Intune > Client Apps > App Licenses, select one of the apps listed there, and then click Assignments.

  9. Click Add group, select Required for Assignment Type, click Yes to include Users and Devices (per your needs), and then click Select groups to include.

  10. Search for and choose one or more groups, and then click Select. Click OK in the Assign and Add Group panels.
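
The settings from steps 3 to 5 can be checked after deployment by auditing an exported copy of the profile. The Python below is an added example, not Netskope or Microsoft code; it assumes the export is JSON that uses the property names of Microsoft Graph's iosVpnConfiguration resource, and the host names and the audit_per_app_vpn helper are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample export; host names are placeholders, not real tenant values.
# Property names are assumed to follow Microsoft Graph's iosVpnConfiguration resource.
SAMPLE_PROFILE = json.loads("""{
  "connectionType": "ciscoIPSec",
  "server": {"address": "vpn.tenant.example"},
  "authenticationMethod": "certificate",
  "enableSplitTunneling": false,
  "enablePerApp": true,
  "safariDomains": ["box.com"],
  "proxyServer": {"automaticConfigurationScriptUrl": "https://pac.tenant.example/proxy.pac"}
}""")


def audit_per_app_vpn(profile, vpn_server, pac_url):
    """Return a list of findings; an empty list means the profile matches the guide."""
    findings = []

    def expect(label, actual, wanted):
        if actual != wanted:
            findings.append(f"{label}: expected {wanted!r}, found {actual!r}")

    # Steps 3 and 4: base VPN settings and automatic VPN type.
    expect("Connection type", profile.get("connectionType"), "ciscoIPSec")
    expect("Authentication method", profile.get("authenticationMethod"), "certificate")
    expect("Split tunneling", profile.get("enableSplitTunneling"), False)
    expect("Per-app VPN", profile.get("enablePerApp"), True)
    expect("VPN server address", (profile.get("server") or {}).get("address"), vpn_server)

    # Step 5: the PAC URL must be the one shown in the tenant's VPN Configuration.
    script = (profile.get("proxyServer") or {}).get("automaticConfigurationScriptUrl")
    expect("PAC URL", script, pac_url)
    # Added hardening check (not a step in the guide): a PAC file fetched in clear text can be altered in transit.
    if script and urlparse(script).scheme != "https":
        findings.append(f"PAC URL is not fetched over HTTPS: {script!r}")

    # Step 4: entries are domains such as box.com, not full URLs.
    domains = [d.strip() for d in profile.get("safariDomains") or []]
    if not domains:
        findings.append("Safari domains: none configured")
    for d in domains:
        if "/" in d:
            findings.append(f"Safari domain {d!r} should be a domain, not a URL")
    return findings


if __name__ == "__main__":
    print(audit_per_app_vpn(SAMPLE_PROFILE, "vpn.tenant.example", "https://pac.tenant.example/proxy.pac") or "OK")
```

Pass in the VPN Server Name and PAC URL exactly as they appear in the tenant's VPN Configuration section; any finding indicates drift from the documented settings.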

Associating the Per-App VPN profile with the Apps

Associate the Per-App VPN profile with the applications to steer through the VPN connection:

  1. In the MEM admin console, go to Apps > All apps, select one of the apps listed there, and then click Properties.

  2. In the app properties page, click Edit.

  3. In the Required section, click Add Group. Search and choose one or more groups, and then click Select.
