Forum Discussion

Chris8501
Jan 15, 2025

Multiple per-app VPNs using single configuration

What is the best practice for configuring per-app VPNs for multiple apps?

I have 6 iOS apps that I want to give access to via per-app VPN. I have a single app working with on-demand cert auth, and I need to support the additional apps as well, but have the user/device granted a different network access resource.

I think I need a scalable method that I can use to determine which network access resource to apply. We have a separate firewall that performs access control, so we don't use ACLs in our APM configurations. The firewall rules will allow limited access to the internal resources separately for each mobile app. So ideally a different resource will be assigned based on the app that is being used.

We use Intune as our MDM and currently have a single per-app VPN profile configured for these apps. I can create multiple Intune profiles that point to multiple virtual servers (and multiple access policies, etc.) if that's what's required, but I would rather just have a single configuration wherever I can if that's possible.

Thanks

Chris

  • If those apps are internal apps, it is better to consult with the app developer/architect teams.
    The app integration connectivity shouldn't change every day or unplanned in a production env.

    For continuity, make the APM config part of the change management process of those apps.