SonicWall Mobile Connect

This VPN connection type is supported on iOS, macOS, and Windows devices. It is not supported on Android devices.

Use the following guidelines to configure a SonicWall Mobile Connect VPN.

Within these selections, you may make settings for:

Proxy - None (default)

Use the following guidelines to configure a SonicWall Mobile VPN connection without a proxy.

Table 1. Proxy - None Settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.
  • User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select SonicWall Mobile Connect.

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy

None is the default setting. To configure a Manual or Automatic proxy, go to Proxy - Manual or Proxy - Automatic

Username

Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

$USERID$:$EMAIL$
$USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

NOTE: Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the user authentication to use:

Password - see next row for information.
Certificate - If you select Certificate, select the identity certificate to be used as the account credential.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

 

Continue to Windows Configuration

Continue to Custom Data.

Proxy - Manual

Use the following guidelines to configure a SonicWall Mobile VPN connection with a manual proxy.

Table 2. Proxy - Manual Settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.
  • User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select SonicWall Mobile Connect.

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy

Select Manual. To configure an Automatic proxy, go to Proxy - Automatic

Proxy Server

Enter the name for the proxy server.

Proxy Server Port

Enter the port number for the proxy server.

Type

Select Static or Variable for the type of authentication to be used for the proxy server.

Proxy Server User Name

If the authentication type is Static, enter the username for the proxy server.

If the authentication type is Variable, the default variable selected is $USERID$.

Proxy Server Password

If the authentication type is Static, enter the password for the proxy server. Confirm the password in the field below.

If the authentication type is Variable, the default variable selected is $PASSWORD$.

Proxy Domains (iOS only)

This field is applicable to iOS only.

The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported.

Click Add+ to add a domain.

Username

Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

$USERID$:$EMAIL$
$USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

NOTE: Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the user authentication to use:

Password - see next row for information.
Certificate - If you select Certificate, select the identity certificate to be used as the account credential.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

 

Login Group or Domain

The LDAP group or domain associated with users.

VPN on Demand

This setting applies to iOS and macOS devices only.

Select to enable VPN On Demand.

The SonicWall Mobile Connect field displays.

On Demand rules are associated with an array of dictionaries that define the network match criteria identifying a particular network location.

VPN On Demand matches the dictionaries in the On Demand Rules against properties of your current network connection to determine whether domain-based rules should be used in determining whether to connect, then handles the connection as follows:

If domain-based matching is enabled for a matching On Demand Rule dictionary, then for each dictionary in that dictionary’s connection evaluation array, VPN On Demand compares the requested domain against the domains listed in the Domains array.
If domain-based matching is not enabled, the specified behavior (Connect, Disconnect, Allow, or Ignore) is used if the dictionary otherwise matches.

 

VPN On Demand rules are applied when the device's primary network interface changes, for example when the device switches to a different Wi-Fi network.

Note the following:

A matching rule is not required. The Default Rule is applied if a matching rule is not defined.
If you select Evaluate Connection, a matching rule is not required.
You can create up to 10 On Demand matching rules.
For each matching rule you can create up to 50 Type and Value pairs.

 

Per-app VPN

Select Yes to create a per-app VPN setting. An additional license may be required for this feature.

The Provider Type field displays.

Per-app VPN is supported on iOS devices version 9.0 through the most recently released version of iOS as supported by MobileIron.

You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting.

You can enable per-app VPN for an app when you:

add the app in the App Catalog.
edit an in-house app or an App Store app in the App Catalog.
NOTE: When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list.

See the MobileIron Apps@Work Guide for information about how to add or edit apps.

Provider Type

If Per-App VPN is set to Yes, define whether the per-app VPN service will tunnel traffic at the application layer (app-proxy) or the IP layer (packet-tunnel).

Select app-proxy (default) or packet-tunnel.

 

Continue to Windows Configuration

Continue to Custom Data.

Proxy - Automatic

Use the following guidelines to configure a SonicWall Mobile VPN connection with an automatic proxy.

Table 3. Proxy - Automatic Settings

Item

Description

Name

Enter a short phrase that identifies this VPN setting.

Description

Provide a description that clarifies the purpose of these settings.

Channel

For macOS only. Select one of the following distribution options:

  • Device channel - the configuration is effective for all users on a device. This is the typical option.
  • User channel - the configuration is effective only for the currently registered user on a device.

Connection Type

Select SonicWall Mobile Connect.

Server

Enter the IP address, hostname, or URL for the VPN server.

Proxy

Select Automatic. To configure a manual proxy, go to Proxy - Manual

Proxy Server URL

Enter the URL for the proxy server.

Enter the URL of the location of the proxy auto-configuration file.

Proxy Domains (iOS only)

This field is applicable to iOS only.

The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported.

Click Add+ to add a domain.

Username

Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as:

$USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as the following:

$USERID$:$EMAIL$
$USERID$_$EMAIL$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.

NOTE: Some enterprises have a strong preference concerning which identifier is exposed.

User Authentication

Select the user authentication to use:

Password - see next row for information.
Certificate - If you select Certificate, select the identity certificate to be used as the account credential.

Password

Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables:

$USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$

You can use combinations such as $EMAIL$:$PASSWORD$

Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.

 

Login Group or Domain

The LDAP group or domain associated with users.

VPN on Demand

This setting applies to iOS and macOS devices only.

Select to enable VPN On Demand.

The SonicWall Mobile Connect field displays.

On Demand rules are associated with an array of dictionaries that define the network match criteria identifying a particular network location.

VPN On Demand matches the dictionaries in the On Demand Rules against properties of your current network connection to determine whether domain-based rules should be used in determining whether to connect, then handles the connection as follows:

If domain-based matching is enabled for a matching On Demand Rule dictionary, then for each dictionary in that dictionary’s connection evaluation array, VPN On Demand compares the requested domain against the domains listed in the Domains array.
If domain-based matching is not enabled, the specified behavior (Connect, Disconnect, Allow, or Ignore) is used if the dictionary otherwise matches.

 

VPN On Demand rules are applied when the device's primary network interface changes, for example when the device switches to a different Wi-Fi network.

Note the following:

A matching rule is not required. The Default Rule is applied if a matching rule is not defined.
If you select Evaluate Connection, a matching rule is not required.
You can create up to 10 On Demand matching rules.
For each matching rule you can create up to 50 Type and Value pairs.

 

Per-app VPN

Select Yes to create a per-app VPN setting. An additional license may be required for this feature.

The Provider Type field displays.

Per-app VPN is supported on iOS devices version 9.0 through the most recently released version of iOS as supported by MobileIron.

You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting.

You can enable per-app VPN for an app when you:

add the app in the App Catalog.
edit an in-house app or an App Store app in the App Catalog.
NOTE: When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list.

See the MobileIron Apps@Work Guide for information about how to add or edit apps.

Provider Type

If Per-App VPN is set to Yes, define whether the per-app VPN service will tunnel traffic at the application layer (app-proxy) or the IP layer (packet-tunnel).

Select app-proxy (default) or packet-tunnel.

 

Continue to Windows Configuration

Continue to Custom Data.

Windows Configuration

Allowed Secured Resources (Windows Phone only)

Excluded Secured Resources (Windows Phone only)

See Application-triggered VPN for Windows devices for information on how to configure these settings to set up application-triggered VPN for 8.0.1 devices.

 

Table 4. Windows Configurations

Item

Description

Windows Configuration

Enter the secured resources (domains, IP ranges, or apps) used by the Send All Traffic option.

Always On

Select this option to keep the VPN on. Lock Down supersedes this option for Windows devices.

Lock Down

You cannot change the assigned settings unless 1) the Lock Down setting is removed from the profile and the new profile is pushed to the device or 2) the device is un-enrolled from Core.

This option supersedes the Always On option.

Custom Data

  • Add+ - Click to add a new key / value pair.
  • Key / Value - Enter the Key / value pairs necessary to configure the VPN setting. The app creator should provide the necessary key / value pairs.