AirWatch Console Configuration

In this chapter you will create a Per-App VPN profile and deploy an application configured to use the F5 Access app on iOS.

1. Create an iOS VPN Profile

In this step you will configure the iOS profile that is delivered to the device. The profile configures the F5 Access app so that only designated applications can access content on internal servers.

1.1. Add a New Profile

  1. Click Add.
  2. Click Profile.

1.2. Select the OS the profile will be used for.

Click Apple iOS.

1.3. Configure the General Properties of the Profile

  1. Select General.
  2. You may need to scroll down to view the Name and Assigned Groups fields.
  3. Enter "F5 Per-App VPN" as the Name.
  4. Click the Assigned Groups field.
  5. Select "All Devices @ [email protected]" as the Assigned Smart Group.

1.4. Add a Credentials Payload

  1. Click Credentials from the Payload menu.
  2. Click Configure to go to the Credential configuration menu.

1.5. Configure the Credentials Payload

For the purposes of this lab, a Certificate Authority has already been configured for you to use. We have connected this Microsoft CA to AirWatch to allow AirWatch to issue and manage client certificates for use with the F5 SSL VPN. This allows users to connect to the VPN and authenticate seamlessly, without entering a username and password. As soon as the designated application is opened on the device, the VPN connection will be established.

  1. Select Defined Certificate Authority for the Credential Source field.
  2. Select HOL.AIRWLAB.COM HOL CA for the Certificate Authority field.
  3. Select HOL 2018 Mobile User for the Certificate Template field.

1.6. Add a VPN Payload

  1. Click VPN from the Payload menu.
  2. Click Configure to access the VPN payload settings.

1.7. Configure the VPN Payload

  1. Select F5 SSL from the Connection Type dropdown.
  2. Enter "https://f5hol.airwlab.com:5011" in the Server field.
  3. Check the Per-app VPN checkbox.
  4. Check the Connect Automatically checkbox, which should auto-enable after enabling the Per-App VPN Rules checkbox.

1.8. Configure the VPN Payload

  1. Scroll down to find the Authentication section.
  2. Select Certificate for the User Authentication dropdown.
  3. Select Certificate #1 for the Identity Certificate dropdown.
  4. Click Save & Publish.

1.9. Publish the VPN Profile

Click Publish.
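The settings chosen in steps 1.4 through 1.8 can be checked against the profile's XML after publishing. The following is an added example, not part of the original lab or of AirWatch: it assumes the profile is available as an Apple configuration profile plist and that the console's fields map to Apple's per-app VPN payload keys (`com.apple.vpn.managed.applayer`, `VPNUUID`, `AuthenticationMethod`, `PayloadCertificateUUID`, `OnDemandMatchAppEnabled`). The sample profile and its UUID values are constructed.

```python
import plistlib

LAB_SERVER = "https://f5hol.airwlab.com:5011"   # Server value from step 1.7
CERT_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep"}
PER_APP_VPN = "com.apple.vpn.managed.applayer"

def audit_per_app_vpn(profile_bytes, expected_server=LAB_SERVER):
    """Return a list of findings; an empty list means the profile matches the lab settings."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    # UUIDs of every credentials payload carried in the same profile
    cert_uuids = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in CERT_TYPES}
    vpn_payloads = [p for p in payloads if p.get("PayloadType") == PER_APP_VPN]
    if not vpn_payloads:
        return ["no per-app VPN payload in profile"]
    findings = []
    for payload in vpn_payloads:
        vpn = payload.get("VPN", {})
        if not payload.get("VPNUUID"):
            findings.append("VPNUUID missing, so no app can be bound to this tunnel")
        if vpn.get("RemoteAddress") != expected_server:
            findings.append(f"unexpected server: {vpn.get('RemoteAddress')!r}")
        if vpn.get("AuthenticationMethod") != "Certificate":
            findings.append("user authentication is not certificate-based")
        if vpn.get("PayloadCertificateUUID") not in cert_uuids:
            findings.append("identity certificate does not match a credentials payload")
        if not vpn.get("OnDemandMatchAppEnabled"):
            findings.append("tunnel does not connect automatically when a mapped app opens")
    return findings

def build_sample(auth="Certificate", cert_ref="CERT-1", on_demand=True):
    """Constructed profile: one credentials payload plus one per-app VPN payload."""
    return plistlib.dumps({"PayloadContent": [
        {"PayloadType": "com.apple.security.pkcs12", "PayloadUUID": "CERT-1"},
        {"PayloadType": PER_APP_VPN, "PayloadUUID": "VPN-1",
         "VPNType": "VPN", "VPNUUID": "TUNNEL-1",
         "VPN": {"RemoteAddress": LAB_SERVER, "AuthenticationMethod": auth,
                 "PayloadCertificateUUID": cert_ref,
                 "OnDemandMatchAppEnabled": on_demand}},
    ]})

if __name__ == "__main__":
    print("as configured:", audit_per_app_vpn(build_sample()))
    print("misconfigured:", audit_per_app_vpn(
        build_sample(auth="Password", cert_ref="UNKNOWN", on_demand=False)))
```
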

2. Add the F5 Access App as a Public Application

In order to apply the VPN profile, the F5 Access app needs to be installed on your device. We can leverage AirWatch to deploy the F5 Access app to the device through MDM. This step will walk you through the process of adding an application from the Public App store.

2.1. Add a New Public Application

  1. Click Add.
  2. Click Public Application.

2.2. Search for the Application to Add

  1. Select Apple iOS from the Platform dropdown.
  2. Ensure Search App Store is set for the Source option.
  3. Enter "F5 Access" in the Name field.
  4. Select Next.

2.3. Select the F5 Access App from the Search Results

Click Select on the F5 Access for iOS application.

2.4. Save and Assign F5 Access

Click Save & Assign.

2.5. Add Assignment for F5 Access

Click + Add Assignment.

2.6. Configure F5 Access Assignment Settings

  1. Click in the Selected Assignment Groups field. This will pop up the list of created Assignment Groups. Start typing "All Devices" and select the All Devices ([email protected]) Group.
  2. Select Auto for the App Delivery Method.

2.7. Configure Policies for F5 Access

  1. Scroll down to find the Policies section.
  2. Select Enabled for Remove on Unenroll.
  3. Click Add.

2.8. Confirm Assignment and Save

  1. Confirm the Assignment you created is displayed.
  2. Click Save & Publish.

2.9. Preview Assignment and Publish

Click Publish.

3. Add VMware Browser as a Public Application

To associate the VPN profile with specific apps, you need to add those applications through MDM. This step walks you through adding an application from the public App Store that will be associated with the VPN profile you created.

3.1. Add a New Public Application

  1. Click Add.
  2. Click Public Application.

3.2. Search App Store for VMware Browser

  1. Select Apple iOS for the Platform.
  2. Enter "VMware Browser" for the Name.
  3. Click Next.

3.3. Select the VMware Browser Result

Click Select for the VMware Browser result.

3.4. Save and Assign VMware Browser

Click Save & Assign.

3.5. Add Assignment for VMware Browser

Click + Add Assignment.

3.6. Configure VMware Browser Assignment Settings

  1. Click in the Selected Assignment Groups field. This will pop up the list of created Assignment Groups. Start typing "All Devices" and select the All Devices ([email protected]) Group.
  2. Select Auto for the App Delivery Method.

3.7. Configure Policies for VMware Browser

  1. Scroll down to find the Policies section.
  2. Select Enabled for Managed Access.
  3. Select Enabled for Remove On Unenroll.
  4. Select Enabled for App Tunneling.
  5. Select the F5 Per-App VPN profile for Per-App VPN Profile.
  6. Click Add.

3.8. Confirm Assignment and Save

  1. Confirm that the Assignment you just configured is displayed.
  2. Click Save & Publish.

3.9. Preview Assigned Devices and Publish

Click Publish.