Multiple per-app VPNs using single configuration
What is the best practice for configuring per-app VPNs for multiple apps? I have 6 iOS apps that I want give access to via per-app VPN. I have a single app working with on-demand cert auth, and I need to support the additional apps as well, but have the user/device granted a different network access resource. I think I need a scalable method that I can use to determine which network access resource to apply. We have a separate firewall that performs access control, so we don't use ACLs in our APM configurations. The firewall rules will allow limited access to the internal resources separately for each mobile app. So ideally a different resource will be assigned based on the app that is being used. We use Intune as our MDM and currently have a single per-app VPN profile configured for these apps. I can create multiple Intune profiles that point to multiple virtual servers (and multiple access policies, etc) if thats whats required, but I would rather just have a single configuration wherever I can if thats possible. Thanks Chris
Network location awareness (NLA) on F5 Access client (Mobile)
Hello everyone, We are implementing a Per-App VPN solution (VPN tunnel is created automatically when the user open certain apps) (F5 & Airwatch) and currently we have the need to enforce that users that are inside the office do not connect to the VPN. Version: 13.1.1 Build 0.0.4 I've done this with the Edge Client with the NLA feature but I have no success finding this solution to the F5 Access (In theory is de same, at least on some posts that I saw here) client for Android and iOS, neither I found a operation guide for this client. Among the things that I checked are: BIG-IP Edge Client Operations Guide BIG-IP APM Operations Guide One possible solution that I though was to use the IP subnet object from the virtual policy editor, but the thing is that this is associated with the virtual server that establish the VPN to local resources and not the resources themselves. Among my questions there are: - Is there something that I am missing regarding documentation? - Can NLA be enforced on iOS and Android via the F5 Access app? Maybe this can only be enforced by the MDM, I just want to exhaust all of our possibilities with F5. Thanks everyone in advance Regards,
Per-App VPN, how are CCU licenses consumed?
Hi Trying to size an APM-Airwatch integration and got this question: as far as I understand, per-App VPN will consume one CCU license. A device could open multiple per-App VPNs simultaneously (?) so how is the CCU license consumption going then? Thanks Alex
Per-App VPN support
Hi I found that upcoming EDEG client (1.0.7) will support Per-App VPN capability, in previous post(2 weeks ago). And learned it will be released on 2-3 week. Now I can not find 1.0.7 on AppStore yet. When will it be released? And I have one question regarding Per-App VPN. Does each App-Developer have to implement F5 module (or something) into their own apps?, or there is nothing to do for App-Developer?