• VPN policy (Premium)
    A group of policies for VPN setup and configuration. IT admins can enforce these policies for fully managed devices with or without a Work profile. Availability: All Knox versions with a Premium license.
    • Enable VPN controls
      Use this control to enable or disable VPN controls for the device. Enable VPN controls before changing any VPN related settings. If VPN controls are not enabled, any settings for VPN related items are ignored.
    • VPN type
      Choose the VPN type applicable to the apps on the device. For fully managed devices without a Work profile, choose between all apps or specific apps. For devices with a Work profile, choose between all three options.
    • Manage list of apps that use VPN
      Use these controls to add a list of applications at a device-wide or Work profile-specific level that can bypass VPN and connect to the network directly.
      • Select apps in the device, in the main user
        For fully managed devices with app-specific VPN, enter a comma-separated list of package names to specify apps that must use VPN to connect. For devices with a Work profile, enter the Personal profile apps that must use VPN to connect. To use VPN for all apps, do not enter any app names. Default value is all apps.
      • Select apps in the work profile
        For fully managed devices with a Work profile and the VPN type set to Selected Apps, enter the list of Work profile apps that must use VPN to connect. Enter a comma-separated list of package names to specify the apps. To use VPN for all Work profile apps, leave blank. Default value is all apps.
    • Enable on-demand VPN
      For fully managed device with or without a Work profile, enter a comma-separated list of package names to specify apps that can bypass VPN connections. To use VPN for all apps, do not enter any app names.
    • Manage list of apps that can bypass VPN
      Use these controls to add a list of applications at a device-wide or Work profile-specific level that can bypass VPN and connect to the network directly.
      • Apps in main user
        For fully managed device with or without a Work profile, enter a comma-separated list of package names to specify apps that can bypass VPN connections. To use VPN for all apps, do not enter any app names.
      • Apps in work profile
        For fully managed devices with a Work profile, enter a comma-separated list of package names to specify apps that can bypass VPN connections. To use VPN for all apps, do not enter any app names.
    • Name of VPN profile to use
      Enter the name of the primary VPN configuration profile that apps can use for network connections. This profile name must match the "Profile name" value set in one of the "VPN profiles" below.
    • Enable VPN chaining
      Use this control to enable the use of two VPNs to double encrypt the data-traffic from apps added to the VPN profile.
    • Name of secondary VPN profile to use
      For devices with multiple VPN profiles, enter the name of the outer VPN configuration profile. This VPN server decrypts all data before passing it to the VPN client. This profile name must match the value set in the VPN profiles section.