Fortinet black logo

Workspace ONE Deployment Guide

Home FortiClient 7.2.0 Workspace ONE Deployment Guide
7.2.0
7.2.0
7.0.0

Per-application VPN

Per-application VPN

FortiClient (iOS) supports per-application VPN with Workspace ONE using username and password authentication.

To configure per-application VPN:
  1. In Workspace ONE, go to Resources > Profiles & Baselines > Profiles.
  2. Click ADD > Add Profile.
  3. Select iOS.
  4. Select User Profile or Device Profile.
  5. Enter a meaningful name, then scroll to VPN and click ADD.
  6. Configure the VPN profile:
    1. Under Connection Info, configure the following:
      1. In the Connection Name field, enter a meaningful name for the VPN profile. This name appears on the FortiClient application VPN tunnel list.
      2. From the Connection Type dropdown list, select Custom.
      3. In the Identifier field, enter com.fortinet.forticlient.fabricagent.
      4. In the Server field, enter the VPN server IP address or FQDN.
      5. In the Account field, enter the username of the account to authenticate to the VPN server.

      6. Under Custom Data, you can configure a key-value pair with SingleSignOn as the key and True or False as the value. If you set SingleSignOn to True, the VPN profile uses single sign on to authenticate the user.
      7. Enable Per-App VPN Rules.
      8. Enable Connect Automatically.
      9. From the Provider Type dropdown list, select App Proxy.
    2. Under Authentication, configure the following:
      1. From the User Authentication dropdown list, select Password.
      2. In the Password field, enter the desired password for the user to authenticate to the VPN tunnel with.
  7. Assign the VPN profile to the desired smart group.
  8. Assign an application to use the per-application VPN profile:
    1. Go to Resources > Apps > Native.
    2. Go to the desired app.
    3. Create a new assignment or edit an existing assignment.
    4. Go to Tunnel & Other Attributes.
    5. From the Per App VPN Profile dropdown list, select the profile that you created.

After the device syncs with Workspace ONE, the VPN tunnel appears in FortiClient in Settings > VPN > PER-APP VPN. When opening the selected app for the per-application VPN, FortiClient automatically connects to VPN. When you close the app, FortiClient disconnects from VPN. In iOS VPN settings, confirm that Connect On Demand is enabled. With the example configuration, FortiClient automatically connects to VPN when the user opens DuckDuckGo:

Previous
Next

Per-application VPN

FortiClient (iOS) supports per-application VPN with Workspace ONE using username and password authentication.

To configure per-application VPN:
  1. In Workspace ONE, go to Resources > Profiles & Baselines > Profiles.
  2. Click ADD > Add Profile.
  3. Select iOS.
  4. Select User Profile or Device Profile.
  5. Enter a meaningful name, then scroll to VPN and click ADD.
  6. Configure the VPN profile:
    1. Under Connection Info, configure the following:
      1. In the Connection Name field, enter a meaningful name for the VPN profile. This name appears on the FortiClient application VPN tunnel list.
      2. From the Connection Type dropdown list, select Custom.
      3. In the Identifier field, enter com.fortinet.forticlient.fabricagent.
      4. In the Server field, enter the VPN server IP address or FQDN.
      5. In the Account field, enter the username of the account to authenticate to the VPN server.

      6. Under Custom Data, you can configure a key-value pair with SingleSignOn as the key and True or False as the value. If you set SingleSignOn to True, the VPN profile uses single sign on to authenticate the user.
      7. Enable Per-App VPN Rules.
      8. Enable Connect Automatically.
      9. From the Provider Type dropdown list, select App Proxy.
    2. Under Authentication, configure the following:
      1. From the User Authentication dropdown list, select Password.
      2. In the Password field, enter the desired password for the user to authenticate to the VPN tunnel with.
  7. Assign the VPN profile to the desired smart group.
  8. Assign an application to use the per-application VPN profile:
    1. Go to Resources > Apps > Native.
    2. Go to the desired app.
    3. Create a new assignment or edit an existing assignment.
    4. Go to Tunnel & Other Attributes.
    5. From the Per App VPN Profile dropdown list, select the profile that you created.

After the device syncs with Workspace ONE, the VPN tunnel appears in FortiClient in Settings > VPN > PER-APP VPN. When opening the selected app for the per-application VPN, FortiClient automatically connects to VPN. When you close the app, FortiClient disconnects from VPN. In iOS VPN settings, confirm that Connect On Demand is enabled. With the example configuration, FortiClient automatically connects to VPN when the user opens DuckDuckGo:

Previous
Next