- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-18-2018 11:46 PM
Hey Guys,
i'm currently testing the GlobalProtect App 5 with iOS Deviecs and Airwatch MDM. Everything works great, but it seems like that it isn't important which setting i've selected in the Portal > Agent > App (Settings). I've tried to enforce GlobalProtect for Network Access on iPhone but i can still deselect "connect on demand", so it is possible to access the Internet without GP.
Any Ideas? Does the Agent Settings effect? Anything else to configure espacially in AirWatch?
Thanks and best regards,
Jochen
09-03-2020 07:22 PM - edited 09-03-2020 07:23 PM
@Mick_Ball Very cool resolution to this problem.
09-04-2020 09:09 AM
I have to ask, if the file doesn't exist on the internet, how is the IPAD reading that file? Is it locally pushed down somewhere?
09-04-2020 09:19 AM
Hi @Sec101 .
for ios it needs to be on interweb.
http:\\yourserver.com\nameofpacfile.pac
on windoze you can use local file location, but that may have recently changed but you would be better using file on web as any change will be picked up by all clients immediately.
hth.
mick.
09-29-2020 05:57 PM
When your ipads are internal, are you tunneling those devices? I'm having some issues getting user-id to populate usernames if the ipad is internal only without a tunnel. The tunnel works as expected though...
09-29-2020 10:04 PM
@Sec101 . Hi.
they are never internal. Our office based users (ipad) just connect to our public wifi service.
The outgoing wifi palo has a link to GP palo save hairpin/trombone across isp. Sorry not much help for you.
There are some options for ios to auth on a domain for file share but was not for us.
09-30-2020 06:23 AM
Not a problem. As Always, your replies are very helpful! So yours, if turned on, are always VPN'd in. I'm starting to wonder if you don't use the tunnel, if user-id actually works on an iOS device.
09-30-2020 06:54 AM
I tried to do this without an internal gateway and we ran into problems with "enforce global protect for network access" and the tunnel not being established. We ended up doing an internal gateway and you're right, it doesn't identify the users. iPads are kinda terrible at being identified. We are doing the identification over radius through our NAC. We are sending the user info along after a successful authentication.
09-30-2020 07:12 AM - edited 09-30-2020 07:13 AM
Just so I can confirm,
So you did try this internal only, without a tunnel, using Global protect on Ipads, manually signed into the GP agent, and it didn't identify the user that was signed in like you would expect it to?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!