SSL VPN and iPhone OS 4.0

Showing results for 
Search instead for 
Did you mean: 

SSL VPN and iPhone OS 4.0

L4 Transporter

I was looking at the new specs for the 4.0 code of the iPhone OS, and saw that they were opening up the SSL VPN function to Juniper and Cisco.

Any chance Palo Alto is working on a NetConnect app for the iPhone?


Check this document.

Anyone tried connecting an Android device yet?


I have been looking for an Android client that does not require rooting the device. At this point in time I have not found one. If you are aware of one I will happily test in my lab and make sure the results are made available to our entire community.


Android OS 4 (ice cream thingy) will have support for IPSEC VPNs. Lets hope the developers get their act together and have an IPSEC client created for it's release which should be sometime in November. Until this happens I don't know of any other way of getting a legitimate droid device VPN'ing through the PA.


When PAN first told me about supporting iOS, they said it should also work with Android, but wouldn't initially be officially supported.  I guess not...  Hopefully ICS will support it.

Is there a Windows client that supports this as well?


Windows support for SSL VPN on PAN-OS has existed for some time. 4.1 PAN-OS converts NetConnect to GlobalProtect on the Windows client side.


I realize that.  I was just thinking that there have been instances where the NetConnect client didn't work right and using another client might be beneficial.  I haven't used the GlobalProtect client yet, so I don't know how well that one works.

Guys the supplicant native to Phones and IPSec in general use XAUTH, certificate authentication.  We developed a solution in house that does just that, profiles for VPN and Wifi and connecting them to the PAN agent.  Works on Android, Blackberry, IOS and Symbian etc. If your phone has VPN settings the XAUTH is usually the way to go.  That way when they upgrade you don't need your VPN client to upgrade as well.

Same for Wifi.  The key thing here is client auth certificates replace credentials such as Windows etc. General use of a single p12 per client and OSCP or a CRL makes PAN able to use the same cert for Wifi, VPN and SSL Decryption (even wired if you want to go 802.1X).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!