Forum Discussion

tina_m_288728
Sep 02, 2016

iOS and Android F5 Edge Client enrolled in MDM - prevent ability for manually created profiles

Hi all,

Hoping to get some help or advice... I have a client who we are setting up in AirWatch and deploying F5 VPN Edge Client to devices (Android and iOS). Authentication with F5 APM is via user certificate, issued from NDES server via AirWatch. We have configured for per-app VPN use. Once device is enrolled and VPN policy installed onto device, we have found that it is possible for an end user to create an additional profile in client, using same certificate that was issued via AirWatch, thus enabling an end user to create a secondary profile and then have whole device VPN into their infrastructure.

We would like to prevent this from happening - ability for whole device to VPN into their infrastructure.

Is there a way to either:

- Prevent end user from creating their own profiles in F5 Edge client
- Prevent end user, when creating their own profiles, from creating an additional profile using certificate in configured profile
- Prevent whole device from VPN'ing into infrastructure and only accept per-app VPN connections

Or am I going about this completely the wrong way?

Thanking the community in advance.

Cheers, Tina.

  • I would ask AirWatch for their input on how to limit the VPN profile/cert resources they push to the clients. On another note, I've seen just the same myself.