Network Relay

Network relays work as a replacement for VPNs. Administrators can configure relays to provide access to private company resources without needing tunnels or VPNs.

A new built-in relay supports secure and transparent tunnelling of traffic as an alternative to using a VPN when accessing internal resources. Using the new com.apple.relay.managed payload, a secure HTTP/3 or HTTP/2 relay can be configured to proxy all TCP and UDP traffic. The configuration allows defining match and exclusion domains and can apply to managed apps, domains, or the entire device.

Configuring network relay

Procedure 

  1. Go to Policies & Configs > Configurations.
  2. Select Add New > Apple > iOS / tvOS > Network Relay. The Add Network Relay dialog box opens.
  3. On the Add Network Relay page, provide the details for the following fields:

    • Name: Enter the relay name.

    • Description: Enter the description.

    • Click Add Network Relay Settings to add multiple network relay settings.

    • Network Relay Settings: Enter the following details:

      • HTTP/3 Relay URL: Enter the URL.

      • HTTP/2 Relay URL: Enter the URL.

      • In the Additional HTTP Headers Fields section, click Add + to add additional header fields.

      • In the Certificate field, click the drop-down list to select a certificate.

      • Click Add + to add raw public keys.

      • Click Save.

    • In the Match Domains section, click Add + to add domains, which can apply to managed apps.

    • In the Excluded Domains section, enter the domains to exclude, which can apply to managed apps.

  4. Click Save.
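
The following is an added example, not part of the product or of Apple's documentation: a small Python check that can be run over an exported com.apple.relay.managed payload before it is pushed to devices, flagging relay URLs that are not HTTPS and domains that appear in both the match and exclusion lists. The key names (Relays, HTTP3RelayURL, HTTP2RelayURL, AdditionalHTTPHeaderFields, MatchDomains, ExcludedDomains) are assumed to follow Apple's published relay payload schema, and the sample payload is constructed.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed sample payload; hosts, header and domains are placeholders.
SAMPLE = plistlib.dumps({
    "PayloadType": "com.apple.relay.managed",
    "Relays": [{
        "HTTP3RelayURL": "https://relay.example.com/h3",
        "HTTP2RelayURL": "http://relay.example.com/h2",  # plain http: flagged
        "AdditionalHTTPHeaderFields": {"X-Relay-Tenant": "corp"},
    }],
    "MatchDomains": ["internal.example.com", "wiki.example.com"],
    "ExcludedDomains": ["Wiki.example.com."],  # same domain, different spelling
})

def lint_relay_payload(raw):
    """Return a list of findings for one relay payload (key names assumed)."""
    payload = plistlib.loads(raw)
    if payload.get("PayloadType") != "com.apple.relay.managed":
        return ["not a com.apple.relay.managed payload"]
    findings = []
    relays = payload.get("Relays", [])
    if not relays:
        findings.append("no relay settings defined")
    for i, relay in enumerate(relays):
        urls = {k: relay[k] for k in ("HTTP3RelayURL", "HTTP2RelayURL") if relay.get(k)}
        if not urls:
            findings.append(f"relay {i}: no HTTP/3 or HTTP/2 relay URL")
        for key, url in urls.items():
            parts = urlsplit(url)
            if parts.scheme != "https" or not parts.hostname:
                findings.append(f"relay {i}: {key} is not an https URL")
    # Normalise case and trailing dots so equivalent spellings compare equal.
    match = {d.lower().rstrip(".") for d in payload.get("MatchDomains", [])}
    excluded = {d.lower().rstrip(".") for d in payload.get("ExcludedDomains", [])}
    for domain in sorted(match & excluded):
        findings.append(f"domain {domain} is both matched and excluded")
    return findings

if __name__ == "__main__":
    for finding in lint_relay_payload(SAMPLE):
        print(finding)
```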