Menu

Knox VPN Tools

Samsung Knox devices provide defense-grade VPNs and continually offer new and evolving VPN capabilities to satisfy the strictest requirements for data in transit.

The Knox Partner Portal provides two apps to enable advanced Knox VPN features:

Android VPN Management for Knox Strongswan

Version 3.0.5

The built-in Android VPN client is one of the VPN clients that enterprises can use. It is available on all Samsung devices but has been limited to simple VPN configurations as seen in the Android Settings app. Samsung devices come with an enhanced version of the Android VPN Service. The built-in Android VPN client wasn’t designed to take advantage of our advanced VPN capabilities, limiting its use in enterprise environments. Modifying the client to support our enhancements would have required us to maintain our own version of the client and have our client separately certified for FIPS compliance.

We chose to leave the built-in Android VPN client unmodified and instead added a management app to sit in between our enhanced VPN framework and the Android VPN client. This management app is called Android VPN Management for Knox Strongswan and unlocks advanced Knox VPN features such as:

  • Per-app connections

    On-demand connections

    Device-wide connections

    Always-on connections

    Blocking routes to prevent data leakage if a mandatory VPN connection drops

    Proxy support, with and without authentication

To deploy our Android VPN Management for Knox Strongswan app:

  1. Log in to Knox Partner Portal > Dashboard > Download.
  2. Download the Android VPN Management for Knox Strongswan APK.
  3. Push the APK to a device or work profile on a device.
NOTE — The new Knox app is backwards compatible with devices running earlier, pre-3.6 versions of Knox.

USB Tethering Authentication for VPN

Version 1.2

With Knox 3.5, Samsung Knox devices could extend a VPN tunnel to a laptop connected through USB. This provided laptop users with the ability to access internal enterprise resources using our defense-grade mobile VPN network. In addition to providing convenience when laptops do not have network connectivity, this offers company cost savings by removing the need to buy additional VPN licenses for laptops.

Knox 3.6 enhanced this feature with better security through a new app that enables Samsung Knox devices to verify that a laptop is owned by the device user. When the user connects a laptop to a Samsung Knox device via USB, the app validates the user certificate on the laptop with allowed certificates installed by the IT admin on the device.

To deploy the new app to authenticate connected laptops:

  1. Log in to Knox Partner Portal > Dashboard > Download.
  2. Download the USB Tethering Authentication for VPN APK.
  3. Configure a UEM profile to push and deploy the APK to devices.
  4. Identify the certificates of laptops allowed to connect via USB to each device for VPN access.
NOTE — The APK provided on the Knox Partner Portal supports only Samsung Experience Platform (SEP) flagship devices like the Galaxy S/A/J and Tab S/A, which are manufactured by Samsung. We also have Joint Development Manufacturing (JDM) partners that produce SEP Lite devices like the A21, Tab A7, M51, M31s, and A12. To deploy USB-tethered VPNs on a SEP Lite device, please contact us to get another APK that uses a different Samsung platform signing key.

Download

ENROLL TO DOWNLOAD

Already enrolled?

DOWNLOAD ZIP

Resources

For: