Apple's Network Extension framework supports layer-3 tunneling for both device-wide and Per-App VPN tunnels. This means that TCP and UDP protocols are supported for apps configured for Per-App VPN on F5 Access for iOS 3.x. Apps that are managed by a Mobile Device Manager (MDM) can be configured to automatically connect to a VPN when they are started. In addition, Mobile Safari can be managed for per-app VPN with a configuration profile and without an MDM. Per-app VPN gives IT granular control over corporate network access, and ensures that data transmitted by managed apps travels only through a VPN. Meanwhile, other data, like an employee's personal web browsing activity, does not use the VPN. Per-app VPN also works with Safari on a per-URL basis.
A per-app VPN configuration requires three configuration components.
The per-app VPN framework allows the administrator to limit VPN access to explicit apps only. Specifically, it allows applications to use one F5 Access configuration (or VPN connection).
In practice, some applications may be associated with one F5 Access configuration, and other applications may be associated with other F5 Access configurations.
In this example, App 1 or App 2 can be active at the same time, because they use different VPN configurations.
Apps associated with different VPN configurations
You configure specific settings in the Access Policy Manager® to provide per-app VPN tunnels. Per-app VPN tunnels are full network access tunnels, and require Network Access resources in the Access Policy. Configure these items on the Access Policy Manager.
A virtual server profile enables support for the network access used by per-app VPN tunnels.