Knox VPN JSON Message Definition

This section explains how the Knox VPN JSON message is defined and provides example messages for the supported VPN connection configurations. It includes a simple message definition for chaining VPN servers; several additional example message definitions for dual chaining are in the Integration Guide section.

The Message Sections

The JSON message used to create a VPN profile consists of three sections.

The profile_attribute section

This section of the JSON message contains profile details.

  • profileName: A string value to name a profile configuration.
  • host: A string value representing the VPN server in IP format or domain name format.
  • vpn_type: A string value representing the VPN connection type. For example, "ipsec", "ssl", or "$random-string".
  • vpn_route_type: An integer value, 1 or 0, to determine whether or not the message defines a Knox profile; 1 confirms.

The knox section

This section covers the Knox settings that are enabled for the given profile. The options configured in the Knox section of the JSON message, except for chaining, are applied to all apps added to the profile.

  • uidpid_search_enabled: Set to 1 to enable or 0 to disable.
  • chaining_enabled: Determines whether encryption is chained (1) or non-chained (0). The default value is -1.
  • ConnectionType: A string value that sets the connection type:
    • keepon: starting or stopping a VPN connection does not depend on starting/stopping apps. This is the default value.
    • ondemand: starting or stopping a VPN connection depends on starting/stopping apps.
  • proxy-server: A string value to represent the static proxy server in either IP address or domain name format.
  • proxy-port: A string value to represent the static proxy server port number.
  • pac-url: A string value to represent the PAC URL in either IP address or domain name format.
  • proxy-auth: An integer value to represent the authentication needed for the proxy server referenced in the PAC URL.
    • 0: Default value, no authentication needed
    • 1: Basic authentication needed
    • 3: NTLMv2 authentication needed
  • proxy-username: A string value for the admin-provided credentials used for proxy-server authentication, with both static and PAC proxy support.
  • proxy-password: A string value for the admin-provided credentials used for proxy-server authentication, with both static and PAC proxy support.

The vendor section

This section of the JSON message contains vendor-specific details related to VPN clients.
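A pre-deployment check for the fields defined above, as an added example that is not Samsung's code. The names load_message, lint and SAMPLE are hypothetical, and reporting an embedded proxy-password or an http:// PAC URL as a finding is this example's own policy, not a rule stated by the Knox documentation.

```python
import json
import re

# A JSON string literal or a // comment; strings match first, so "http://" survives.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def load_message(text):
    """Parse a message, tolerating the // annotations the examples carry."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(_TOKEN.sub(keep_strings, text))["KNOX_VPN_PARAMETERS"]

def _int_in(value, allowed):
    return type(value) is int and value in allowed  # rejects true/false and "1"

def lint(params):
    """Return findings for one KNOX_VPN_PARAMETERS object (empty list = clean)."""
    out = [f"missing section: {s}" for s in ("profile_attribute", "knox", "vendor")
           if not isinstance(params.get(s), dict)]
    attr, knox = params.get("profile_attribute") or {}, params.get("knox") or {}
    if not _int_in(attr.get("vpn_route_type"), (0, 1)):
        out.append("vpn_route_type must be 0 or 1")
    if knox.get("ConnectionType", "keepon") not in ("keepon", "ondemand"):
        out.append("ConnectionType must be keepon or ondemand")
    if not _int_in(knox.get("chaining_enabled", -1), (-1, 0, 1)):
        out.append("chaining_enabled must be -1, 0 or 1")
    auth = knox.get("proxy-auth", 0)
    if not _int_in(auth, (0, 1, 3)):
        out.append("proxy-auth must be 0, 1 or 3")
    if auth == 0 and ("proxy-username" in knox or "proxy-password" in knox):
        out.append("proxy credentials present but proxy-auth is 0")
    if "proxy-password" in knox:
        out.append("proxy-password is embedded in clear text")
    if str(knox.get("pac-url", "")).lower().startswith("http://"):
        out.append("pac-url uses plain HTTP")
    return out

# Constructed sample in the shape of the PAC examples; all values are made up.
SAMPLE = """{"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {"profileName":"demo", "host":"vpn.example.com",
                          "vpn_type":"ipsec", "vpn_route_type":1},
    "knox": {
        "pac-url":"http://proxy.example.com/proxy.pac", // fetched unencrypted
        "proxy-auth":2,                                 // not a defined value
        "proxy-password":"constructed-secret"
    },
    "vendor": {}
}}"""

print("\n".join(lint(load_message(SAMPLE))))
```
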

Default Knox VPN Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "host":"XY.X.XYZ.XY",
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
    },
    "vendor": {
    }
}

On-Demand VPN Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "host":"XY.X.XYZ.XY",
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "ConnectionType":"ondemand"
    },
    "vendor": {
    }
}

UID- or PID-Based VPN Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "host":"XY.X.XYZ.XY",
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "uidpid_search_enabled":1
    },
    "vendor": {
    }
}

VPN Chaining Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "host":"XY.X.XYZ.XY",
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "chaining_enabled":0
    },
    "vendor": {
    }
}

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet2", // Note the profile name difference from the first server
        "host":"XY.X.XYZ.XZ", // Note the IP address difference from the first server
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "chaining_enabled":1 // Note the different value from the first server
    },
    "vendor": {
    }
}

Static VPN Proxy, No Authentication Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet", 
        "host":"XY.X.XYZ.XY", 
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "proxy-server":"XY.XY.XY.XY",
        "proxy-port":59128
    },
    "vendor": {
    }
}

Static VPN Proxy

Basic Authentication Using Admin Configured Credentials

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet", 
        "host":"XY.X.XYZ.XY", 
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "proxy-server":"XY.XY.XY.XY",
        "proxy-port":59128,
        "proxy-username":"id_9031457792",
        "proxy-password":"6*ca^2-CA",
        "proxy-auth":1
    },
    "vendor": {
    }
}

Basic Authentication Using End-User Configured Credentials

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet", 
        "host":"XY.X.XYZ.XY", 
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "proxy-server":"XY.XY.XY.XY",
        "proxy-port":59128,
        "proxy-auth":1
    },
    "vendor": {
    }
}

PAC VPN Proxy

No Authentication Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet", 
        "host":"XY.X.XYZ.XY", 
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "pac-url":"http://XY.XY.XY.X/proxy/auth78.pac"
    },
    "vendor": {
    }
}

Basic Authentication Using Admin Configured Credentials

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet", 
        "host":"XY.X.XYZ.XY", 
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "pac-url":"http://XY.XY.XY.X/proxy/auth78.pac",
        "proxy-auth":1,
        "proxy-username":"iD_9031457792",
        "proxy-password":"6*ca^2-CA"
    },
    "vendor": {
    }
}

Basic Authentication Using End-User Configured Credentials

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet", 
        "host":"XY.X.XYZ.XY", 
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "pac-url":"http://XY.XY.XY.X/proxy/auth78.pac",
        "proxy-auth":1
    },
    "vendor": {
    }
}

NTLM Authentication Using Admin Configured Credentials

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet", 
        "host":"XY.X.XYZ.XY", 
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "pac-url":"http://XY.X.XY.X/proxy/auth78.pac",
        "proxy-auth":3,
        "proxy-username":"iD_9031457792",
        "proxy-password":"6*ca^2-CA"
    },
    "vendor": {
    }
}

NTLM Authentication Using End-User Configured Credentials

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet", 
        "host":"XY.X.XYZ.XY", 
        "vpn_type":"ipsec",
        "vpn_route_type":1
    },
    "knox": {
        "pac-url":"http://XY.XY.XY.X/proxy/auth78.pac",
        "proxy-auth":3
    },
    "vendor": {
    }
}

Basic VPN Through Settings Menu

Hybrid RSA Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "vpn_type":"ipsec", 
        "vpn_route_type":1
    },
    "knox": {
    },
    "vendor": {
         "basic": {
              "host":"1.1.1.1",
              "username":"iD_9031457792",
              "password":"6*ca^2-CA",
              "authentication_type":"ipsec_hybrid_rsa" 
        },
        "ipsec_hybrid_rsa":{
              "ca_cert_alias":"ca", //optional
              "server_cert_alias":"server" //optional
         }
     }
}

PSK Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "vpn_type":"ipsec", 
        "vpn_route_type":1
    },
    "knox": {
    },
    "vendor": {
         "basic": {
              "host":"1.1.1.1",
              "username":"iD_9031457792",
              "password":"6*ca^2-CA",
              "authentication_type":"ipsec_xauth_psk" 
        },
        "ipsec_xauth_psk":{
              "identifier":"test@company.com", //optional
              "pre_shared_key":"example"
         }
     }
}

xauth RSA Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "vpn_type":"ipsec", 
        "vpn_route_type":1
    },
    "knox": {
    },
    "vendor": {
         "basic": {
              "host":"1.1.1.1",
              "username":"iD_9031457792",
              "password":"6*ca^2-CA",
              "authentication_type":"ipsec_xauth_rsa" 
        },
        "ipsec_xauth_rsa":{
              "user_cert_alias":"cert_alias",
              "ca_cert_alias":"ca", //optional
              "server_cert_alias":"server" //optional
         }
     }
}

IKE2 PSK Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "vpn_type":"ipsec", 
        "vpn_route_type":1
    },
    "knox": {
    },
    "vendor": {
         "basic": {
              "host":"1.1.1.1",
              "authentication_type":"ipsec_ike2_psk" 
        },
        "ipsec_ike2_psk":{
              "identifier":"test@company.com", //optional
              "pre_shared_key":"example"
         }
     }
}

IKE2 RSA Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "vpn_type":"ipsec", 
        "vpn_route_type":1
    },
    "knox": {
    },
    "vendor": {
         "basic": {
              "host":"1.1.1.1",
              "authentication_type":"ipsec_ike2_rsa" 
        },
        "ipsec_ike2_rsa":{
              "user_cert_alias":"cert_alias",
              "ca_cert_alias":"ca",
              "server_cert_alias":"server", //optional
              "ocsp_url":"http://example.com" //optional
         }
     }
}

Legacy VPN

Pulse Secure Configuration

"KNOX_VPN_PARAMETERS": {
    "profile_attribute": {
        "profileName":"planet",
        "host":"1.1.1.1",
        "vpn_type":"ssl",
        "vpn_route_type":1,
        "isUserAuthenEnabled":true //optional for xauth configuration
    },
    "ssl":{
         "basic":{
                "authentication_type":1,
                "splitTunnelType":0,
                "username":"iD_9031457792", //optional for xauth configuration
                "password":"6*ca^2-CA" //optional for xauth configuration
           },
           "algorithms":{
           }
     },
    "knox": {
    },
    "vendor": {
         "realm":"",
         "role":"",
         "certAlias":"",
         "RSASoftToken":"",
         "SafeNetSoftToken":"" 
    }
}