I need to resolve the following task:
When a user starts the Google Chrome or Edge browser on an Android device, only traffic from these applications should be routed via VPN;
all others, for instance Microsoft Teams or Outlook, should go directly to the Internet.
Mobile devices are enrolled in Intune with the Android Fully Managed Profile.
My approach is:
I'm trying to configure a Per-App VPN with an App Configuration Policy for the fully managed Android devices policy config.
In the App List parameter I put the application ID of the Google Chrome browser and put it in the allow list.
With the user-logon Connection Method, when the user starts the phone there is a notification that Always-On is enabled, but in the Intune device restriction profile the Always-On option is disabled.
And all traffic from all applications and the browser goes via the VPN tunnel.
With the On-demand Connection Method the user needs to manually start the Global Protect VPN client, but that's not a good idea because otherwise the user will have full access to the Internet.
The OS version of the Global Protect Gateway is PanOS 9.1.9.