i'm currently testing the GlobalProtect App 5 with iOS Deviecs and Airwatch MDM. Everything works great, but it seems like that it isn't important which setting i've selected in the Portal > Agent > App (Settings). I've tried to enforce GlobalProtect for Network Access on iPhone but i can still deselect "connect on demand", so it is possible to access the Internet without GP.
Any Ideas? Does the Agent Settings effect? Anything else to configure espacially in AirWatch?
Thanks and best regards,
Solved! Go to Solution.
since day one of GP on IOS it has not been possible to force GP...
the user always has the option to disable VPN in the settings menu regardless of app settings.
I use a global proxy to prevent internet browsing when not connected via GP as never found any other way of enforcing this.
Would be able to get into a bit more detail on the global proxy and how you force mobile devices to use it? I would like to hear how others are solving this solution.
Nice solution for the iOS devices. Need to keep that in mind ;)
I am also interested in the way you solved the problem on windows. The way I used here is set the captive portal timeout to 1 hour and use simple http websites as default websites in the users browsers. The notifications of global protect are not very useful (not to say useless), but this way the user only has to open the browser to be redirected to whatever captive portal there is. This http website does nothing else than redirecting to the https company website, but as it is http it does not break the captive portal redirect.
nice solution, a little through the breast into the eye but still fine! ;-)
Maybe the option in the agent settings could be extended with "(Windows only)" as some other options.
@vsys_remo,I'm liking the default default web page to invoke captive portal.
we have an icon on the desktop called "Connect to Public WiFi".
this also points to our corp website and invokes the same response pages but it disables the proxy settings for 3 mins...
eva iva are workable solutions but bear in mind that we were using this way before the option of "GP enforce traffic" was ever introduced and have been using pac files long before the Juniper boxes were re-badged... lol....
so... just sticking to what works for us just now but if needs be i would certainly move towards your solution.. (not sure about the 1 hour timeout)...
@Jochen.Reinecke, yes understood but please note my previous response to Mr Remo...
we have been using pac files to restrict laptops since day one of VPN and the GP force traffic option has not been around very long.
so as it was already there then its easier to continue as is...
if we did not have pac files in place then the @vsys_remo solution would certainly suffice...
I think most of the App settings should contain (Windows Only (depending of course what mood your IPad is in and which motion was used when removing it from your laptop bag))
We are beginning to roll out GP for iOS devices and having an issue with this same topic. Are you still using the proxy.pac file? If so, can you share some details on how to do it? I'm not sure where to host this or what format for the file to be.
Any help would be appreciated.
Hi @brianjreed .
of course ... no problemo....
the pac file needs to be available to ipads outside the vpn tunnel. So a website somewhere...
the pac file just says,,,, in laymans terms,,, Send all traffic to a duff proxy apart from the global protect connection traffic, and if connected to the private network, cancel the duff proxy...
this blocks all browser traffic by sending it to a proxy that does not exist. But it allows gp connection. When gp is connected it drops the proxy settings so all traffic goes down tunnel.
it reverts if tunnel fails. You actually dont need a proxy, just a pac file of a few lines of text.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!