NetMotion Mobility VPN (iOS)

This VPN connection type is supported on iOS devices.

Use the following guidelines to configure a NetMotion Mobility VPN.

Proxy - None (default)
Proxy - Manual
Proxy - Automatic

Within these selections, you may make settings for:

Domains
Custom Data

Proxy - None (default)

Use the following guidelines to configure a NetMotion Mobility VPN connection without a proxy.

**Table 78.** Proxy - None Settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: •Device channel - the configuration is effective for all users on a device. This is the typical option. •User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select NetMotion Mobility VPN (iOS).
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	None is the default setting. To configure a Manual or Automatic proxy, go to Proxy - Manual or Proxy - Automatic.
Username	Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the user authentication to use: •Password - see next row for information. •Certificate - If you select Certificate, select the identity certificate to be used as the account credential.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
VPN on Demand	This setting applies to iOS and macOS devices only. Select to enable this VPN connection to be available on demand.
Per-app VPN	Select Yes to create a per-app VPN setting. An additional license may be required for this feature. Per-app VPN is supported on iOS devices version 9.0 or supported newer versions. You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting. You can enable per-app VPN for an app when you: •add the app in the App Catalog. •edit an in-house app or an App Store app in the App Catalog. When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list. See the Ivanti EPMM Apps@Work Guide for information about how to add or edit apps.

Continue to Domains.

Continue to Custom Data.

Proxy - Manual

Use the following guidelines to configure a NetMotion Mobility VPN connection with a manual proxy.

**Table 79.** Proxy - Manual Settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select NetMotion Mobility VPN (iOS).
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	Select Manual. To configure an Automatic proxy, go to Proxy - Automatic.
Proxy Server	Enter the name for the proxy server.
Proxy Server Port	Enter the port number for the proxy server.
Type	Select Static or Variable for the type of authentication to be used for the proxy server.
Proxy Server User Name	If the authentication type is Static, enter the username for the proxy server. If the authentication type is Variable, the default variable selected is $USERID$.
Proxy Server Password	If the authentication type is Static, enter the password for the proxy server. Confirm the password in the field below. If the authentication type is Variable, the default variable selected is $PASSWORD$.
Proxy Domains (iOS only)	The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported. Click Add+ to add a domain.
Username	Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: •$USERID$:$EMAIL$ •$USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the user authentication to use: Password - see next row for information. Certificate - If you select Certificate, select the identity certificate to be used as the account credential.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
VPN on Demand	This setting applies to iOS and macOS devices only. Select to enable this VPN connection to be available on demand.
Per-app VPN	Select Yes to create a per-app VPN setting. An additional license may be required for this feature. Per-app VPN is supported on iOS devices version 9.0 or supported newer versions. You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting. You can enable per-app VPN for an app when you: add the app in the App Catalog. edit an in-house app or an App Store app in the App Catalog. When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list. See the Ivanti EPMM Apps@Work Guide for information about how to add or edit apps.

Continue to Domains.

Continue to Custom Data.

Proxy - Automatic

Use the following guidelines to configure a NetMotion Mobility VPN connection with an automatic proxy.

**Table 80.** Proxy - Automatic Settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select NetMotion Mobility VPN (iOS).
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	Select Automatic. To configure a Manual proxy, go to Proxy - Manual.
Proxy Server URL	Enter the URL for the proxy server. Enter the URL of the location of the proxy auto-configuration file.
Proxy Domains (iOS only)	The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported. Click Add+ to add a domain.
Username	Specify the user name to use (required.) The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: $USERID$:$EMAIL$ $USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the user authentication to use: Password - see next row for information. Certificate - If you select Certificate, select the identity certificate to be used as the account credential.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
VPN on Demand	This setting applies to iOS and macOS devices only. Select to enable this VPN connection to be available on demand.
Per-app VPN	Select Yes to create a per-app VPN setting. An additional license may be required for this feature. Per-app VPN is supported on iOS devices version 9.0 or supported newer versions. You cannot delete a per-app VPN setting that is being used by an app. Remove the per-app VPN setting from the app before you delete the setting. You can enable per-app VPN for an app when you: add the app in the App Catalog. edit an in-house app or an App Store app in the App Catalog. When multiple labels are assigned to associate the selected VPN configurations in the Per-App VPN section, then VPN prioritization will happen in the order of the selected list. See the Ivanti EPMM Apps@Work Guide for information about how to add or edit apps.

Continue to Domains.

Continue to Custom Data.

Domains

Safari Domains

Applicable to: Safari Domains (iOS 7 and later; macOS 10.11 and later)

You must update your VPN software to a version that supports Per-app VPN.

If the server ends with one of these domain names, a VPN connection is started automatically.

Add+ - Click to add a domain.
Safari Domain - Enter a domain name. Only alphanumeric characters and periods (.) are supported.
Description - Enter a description for the domain.

Once the configuration has been saved, you can edit the Safari Domain information by clicking the Edit icon.

Calendar Domains

Deprecated in iOS 13.4 and later.

Applicable to: Calendar Domains (iOS 13 and later; macOS 10.15 and later)

If the server ends with one of these domain names, a VPN connection is started automatically.

Add+ - Click to add a domain.
Calendar Domain - Enter a domain name. Only alphanumeric characters and periods (.) are supported.
Description - Enter a description for the domain.

Contact Domains

Deprecated in iOS 13.4 and later.

Applicable to: Contact Domains (iOS 13 and earlier; macOS 10.15 and later)

If the server ends with one of these domain names, a VPN connection is started automatically.

Add+ - Click to add a domain.
Contact Domain - Enter a domain name. Only alphanumeric characters and periods (.) are supported.
Description - Enter a description for the domain.

Mail Domains

Deprecated in iOS 13.4 and later.

Applicable to: Mail Domains (iOS 13 and later; macOS 10.15 and later)

If the server ends with one of these domain names, a VPN connection is started automatically.

Add+ - Click to add a domain.
Mail Domain - Enter a domain name. Only alphanumeric characters and periods (.) are supported.
Description - Enter a description for the domain.

Associated Domains

Applicable to: Associated Domains (iOS 14.3 and later; macOS 11.0 and later). Applicable to MDM devices only.

Connections to servers within one of these domains are associated with the per-app VPN.

Add+ - Click to add a domain.
Mail Domain - Enter a domain name. Only alphanumeric characters and periods (.) are supported.
Description - Enter a description for the domain.

Excluded Domains

Applicable to: Excluded Domains (iOS 14.3 and later; macOS 11.0 and later). Applicable to MDM devices only.

Connections to servers within one of these domains are excluded from the per-app VPN.

Add+ - Click to add a domain.
Mail Domain - Enter a domain name. Only alphanumeric characters and periods (.) are supported.
Description - Enter a description for the domain.

For more information, see Managed domains settings.

Custom Data

Add+ - Click to add a new key / value pair.
Key / Value - Enter the Key / value pairs necessary to configure the VPN setting. The app creator should provide the necessary key / value pairs.