Per app VPN configuration (iOS user policy)
The Per app VPN configuration lets you configure VPN settings for individual apps. When you assign the Per app VPN configuration to an app, it uses the VPN for all its network traffic. See Assign a VPN connection to an iPhone or iPad app.
Settings
Setting | Description |
---|---|
Connection name | The name of the connection shown on the device. |
Connection type | The type of VPN connection:
Select Custom SSL/TLS if your VPN vendor has an app in the App Store that provides the VPN connection. |
Identifier (reverse DNS format) | The identifier of the VPN app in reverse DNS format. The app must be installed on the device. Example: |
Server | The hostname or IP address of the server. |
Account | The user account for the authentication of the connection. |
Third-party settings | If your vendor has specified custom connection properties, you can enter them in this field. To enter a property, click Add and then enter Key and Value of the property in the dialog box. This setting is available for the Custom SSL/TLS connection type. |
Send all traffic through VPN | All traffic is sent through VPN. |
Connect automatically on demand | The device turns the VPN on when the app connects to the network. When you turn this setting off, users must turn the VPN on. |
Group | The group required for the authentication of the connection. This setting is available for the Cisco AnyConnect and Cisco Legacy AnyConnect connection types. |
User authentication | The type of user authentication for the connection, either Password or Certificate. |
Password | The password for VPN authentication. |
Certificate | The certificate for VPN authentication. |
Proxy | The proxy settings for the connection:
|
Provider type | The VPN connection type.
This setting isn’t available for the Cisco AnyConnect connection type. |
Domains in Safari | Domains for which iOS uses a VPN connection when opened in Safari or other web browsers. |
Domains in Calendar | Domains for which iOS uses a VPN connection when opened in Calendar. |
Domains in Contacts | Domains for which iOS uses a VPN connection when opened in Contacts. |
Domains in Mail | Domains for which iOS uses a VPN connection when opened in Mail. |
How to enter domains
The following rules apply to the Domains in Safari, Domains in Calendar, Domains in Contacts, and Domains in Mail fields:
- Enter one domain, partial domain, or host name per line.
-
A partial domain matches a domain name when all components match, starting at the right.
For example,
example.com
matcheswww.example.com
andmail.example.com
, but notwww.myexample.com
orexample.com.net
. -
Leading and trailing dots are ignored.
For example,
.example.com
andexample.com
are equivalent. -
When you enter a string without dots, it matches a host with that name.
For example,
com
matchescom
, but notwww.example.com
.
For security reasons, an additional rule applies to the Domains in Calendar, Domains in Contacts, and Domains in Mail fields:
-
The second-level domain must match the second-level domain of your VPN server.
For example if your VPN server’s address is
vpn.example.com
, the domain can bemail.example.com
but notmail.acme.com
.