VPN policy (Premium)
A group of policies for VPN setup and configuration. IT admins can enforce these policies for fully managed devices with or without a Work profile. Availability: All Knox versions with a Premium license.
  • Enable VPN controls
    Use this control to enable or disable VPN controls for the device. Enable VPN controls before changing any VPN related settings. If VPN controls are not enabled, any settings for VPN related items are ignored.
  • VPN type
    Choose the VPN type applicable to the apps on the device. For fully managed devices without a Work profile, choose between all apps or specific apps. For devices with a Work profile, choose between all three options.
  • Manage list of apps that use VPN
    Use these controls to add a list of applications at a device-wide or Work profile-specific level that can bypass VPN and connect to the network directly.
    • Select apps in the device, in the main user
      For fully managed devices with app-specific VPN, enter a comma-separated list of package names to specify apps that must use VPN to connect. For devices with a Work profile, enter the Personal profile apps that must use VPN to connect. To use VPN for all apps, do not enter any app names. Default value is all apps.
    • Select apps in the work profile
      For fully managed devices with a Work profile and the VPN type set to Selected Apps, enter the list of Work profile apps that must use VPN to connect. Enter a comma-separated list of package names to specify the apps. To use VPN for all Work profile apps, leave blank. Default value is all apps.
  • Enable on-demand VPN
    For fully managed device with or without a Work profile, enter a comma-separated list of package names to specify apps that can bypass VPN connections. To use VPN for all apps, do not enter any app names.
  • Manage list of apps that can bypass VPN
    Use these controls to add a list of applications at a device-wide or Work profile-specific level that can bypass VPN and connect to the network directly.
    • Apps in main user
      For fully managed device with or without a Work profile, enter a comma-separated list of package names to specify apps that can bypass VPN connections. To use VPN for all apps, do not enter any app names.
    • Apps in work profile
      For fully managed devices with a Work profile, enter a comma-separated list of package names to specify apps that can bypass VPN connections. To use VPN for all apps, do not enter any app names.
  • Name of VPN profile to use
    Enter the name of the primary VPN configuration profile that apps can use for network connections. This profile name must match the "Profile name" value set in one of the "VPN profiles" below.
  • Enable VPN chaining
    Use this control to enable the use of two VPNs to double encrypt the data-traffic from apps added to the VPN profile.
  • Name of secondary VPN profile to use
    For devices with multiple VPN profiles, enter the name of the outer VPN configuration profile. This VPN server decrypts all data before passing it to the VPN client. This profile name must match the value set in the VPN profiles section.