AirWatch Console Configuration
In this chapter you create a Per-App VPN profile and deploy an Application configured to use the F5 Access app on iOS.
1. Create an iOS VPN Profile
In this step you will configure the iOS profile that will be delivered to the device to configure the F5 Access app on the device to allow only designated applications to access content on internal servers.
1.1. Add a New Profile
- Click Add.
- Click Profile.
1.2. Select the OS the profile will be used for.
Click Apple iOS.
1.3. Configure the General Properties of the Profile
- Select General.
- You may need to scroll down to view the Name and Assigned Groups fields.
- Enter "F5 Per-App VPN" as the Name.
- Click the Assigned Groups field.
- Select "All Devices @ [email protected]" as the Assigned Smart Group.
1.4. Add a Credentials Payload
- Click Credentials from the Payload menu.
- Click Configure to go to the Credential configuration menu.
1.5. Configure the Credentials Payload
For the purposes of this lab, a Certificate Authority has already been configured for you to use. We have connected this Microsoft CA to AirWatch to allow AirWatch to issue and manage client certificates for use with the F5 SSL VPN. This allows users to seamlessly connect to the VPN and authenticate without the need for entering username and password. As soon as the designated application is opened on the device, the VPN connection will be established.
- Select Defined Certificate Authority for the Credential Source field.
- Select HOL.AIRWLAB.COM HOL CA for the Certificate Authority field.
- Select HOL 2018 Mobile User for the Certificate Template field.
1.6. Add a VPN Payload
- Click VPN from the Payload menu.
- Click Configure to access the VPN payload settings.
1.7. Configure the VPN Payload
- Select F5 SSL from the Connection Type dropdown.
- Enter "https://f5hol.airwlab.com:5011" in the Server field.
- Check the Per-app VPN checkbox.
- Check Connect Automatically checkbox, which should auto-enable after enabling the Per-App VPN Rules checkbox.
1.8. Configure the VPN Payload
- Scroll down to find the Authentication section.
- Select Certificate for the User Authentication dropdown.
- Select Certificate #1 for the Identity Certificate dropdown.
- Click Save & Publish.
1.9. Publish the VPN Profile
Click Publish
2. Add the F5 Access App as a Public Application
In order to apply the VPN profile, the F5 Access app needs to be installed on your device. We can leverage AirWatch to deploy the F5 Access app to the device through MDM. This step will walk you through the process of adding an application from the Public App store.
2.1. Add a New Public Application
- Click Add
- Click Public Application
2.2. Search for the Application to Add
- Select Apple iOS from the Platform dropdown.
- Ensure Search App Store is set for the Source option.
- Enter "F5 Access" in the Name field.
- Select Next
2.3. Select the F5 Access App from the Search Results
Click Select on the F5 Access for iOS application.
2.4. Save and Assign F5 Access
Click Save & Assign.
2.5. Add Assignment for F5 Access
Click + Add Assignment.
2.6. Configure F5 Access Assignment Settings
- Click in the Selected Assignment Groups field. This will pop-up the list of created Assignment Groups. Start Typing "All Devices" and select the All Devices ([email protected]) Group.
- Select Auto for the App Delivery Method.
2.7. Configure Policies for F5 Access
- Scroll down to find the Policies section.
- Select Enabled for Remove on Unenroll.
- Click Add.
2.8. Confirm Assignment and Save
- Confirm the Assignment you created is displayed.
- Click Save & Publish.
2.9. Preview Assignment and Publish
Click Publish.
3. Add VMware Browser as a Public Application
In order to associate the VPN profile to specific apps, you need to add the application through MDM. This step will walk you through the process of adding an application from the Public App store that will be associated to the VPN profile you created.
3.1. Add a New Public Application
- Click Add
- Click Public Application
3.2. Search App Store for VMware Browser
- Select Apple iOS for the Platform
- Enter "VMware Browser" for the Name
- Click Next
3.3. Select the VMware Browser Result
Click Select for the VMware Browser result.
3.4. Save and Assign VMware Browser
Click Save & Assign
3.5. Add Assignment for VMware Browser
Click + Add Assignment
3.6. Configure VMware Browser Assignment Settings
- Click in the Selected Assignment Groups field. This will pop-up the list of created Assignment Groups. Start Typing "All Devices" and select the All Devices ([email protected]) Group.
- Select Auto for the App Delivery Method.
3.7. Configure Policies for VMware Browser
- Scroll down to find the Policies section.
- Select Enabled for Managed Access.
- Select Enabled for Remove On Unenroll.
- Select Enabled for App Tunneling.
- Select the F5 Per-App VPN profile for Per-App VPN Profile.
- Click Add.
3.8. Confirm Assignment and Save
- Confirm that the Assignment you just configured is displayed.
- Click Save & Publish.
3.9. Preview Assigned Devices and Publish
Click Publish.