Hardware reference guide

GlobalProtect Administrator’s Guide
Define Deployment Policies Set Up the GlobalProtect Mobile Security Manager
Create an Android Configuration Profile
The Android configuration profile contains the configuration settings, certificates, web clips, and restrictions to
push down to a specific group of Android devices. If you have groups of Android device users that need access
to varying services or that require different levels of restrictions, you must create a separate Android
configuration profile for each.
Step 5 (Optional) Specify what device traffic to tunnel through the VPN. By default, the GlobalProtect app will tunnel all traffic as specified in its corresponding portal client configuration. However, you can override the portal tunnel configuration by defining VPN On Demand settings in the Mobile Security Manager configuration.
4. To override the settings defined in the portal configuration, select the VPN On Demand check box and then click Add to define exceptions as follows:
   • Enter an IP address, hostname, domain name or subnet in the Domain field to specify a tunnel destination.
   • Select a corresponding Action to specify when to tunnel traffic to the specified Domain (always, never, or ondemand to allow the end user to manually invoke the VPN).
   • Repeat this step for each tunnel destination for which you want to create an override.
5. Click OK to save the configuration.
Step 6 Save the configuration profile.
1. Click OK to save the VPN configuration settings.
2. Click OK to save the iOS configuration profile.
3. Commit your changes.
Step 7 Configure the gateways to use the specified client certificate to enable the mobile devices using this configuration to establish HTTPS connections.
Complete the following steps on each gateway:
1. Import the root CA certificate that was used to issue the mobile device certificates (either the identity certificate issuer, the SCEP server CA, or the self-signed CA certificate from the Mobile Security Manager depending on which type of client certificate you are using) onto gateway(s).
2. Add the CA certificate to the certificate profile used in the gateway configuration.
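A pre-entry check for the exception list described in Step 5, as an added example that is not part of the guide or of the product: it validates each planned Domain and Action pair and flags conflicting entries and entries that are never tunneled, so they can be reviewed before being entered. The function names, the DNS-label rule used for names, and the sample list are assumptions constructed for illustration.

```python
import ipaddress
import re

ACTIONS = {"always", "never", "ondemand"}  # the Action values named in Step 5
# Assumption: hostnames and domain names follow ordinary DNS label rules.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify(domain):
    """Return 'ip', 'subnet' or 'name' for a Domain value, or None if invalid."""
    try:
        ipaddress.ip_address(domain)
        return "ip"
    except ValueError:
        pass
    if "/" in domain:
        try:
            ipaddress.ip_network(domain, strict=True)  # rejects host bits set
            return "subnet"
        except ValueError:
            return None
    labels = domain.rstrip(".").split(".")
    valid = all(LABEL.match(l) for l in labels) and not labels[-1].isdigit()
    return "name" if valid else None

def review(exceptions):
    """Return findings for a planned list of (domain, action) exceptions."""
    findings, seen = [], {}
    for domain, action in exceptions:
        key = domain.lower().rstrip(".")
        if action not in ACTIONS:
            findings.append(f"{domain}: unknown action {action!r}")
        elif classify(domain) is None:
            findings.append(f"{domain}: not an IP address, subnet or name")
        else:
            if seen.setdefault(key, action) != action:
                findings.append(f"{domain}: conflicts with earlier {seen[key]}")
            if action == "never":
                findings.append(f"{domain}: never tunneled, confirm intended")
    return findings

# Constructed sample list for illustration; not taken from the guide.
PLANNED = [
    ("intranet.example.com", "always"), ("10.20.0.0/16", "always"),
    ("10.20.0.1/16", "always"), ("updates.example.net", "never"),
    ("intranet.example.com", "ondemand"), ("files.example.org", "sometimes"),
]

if __name__ == "__main__":
    print("\n".join(review(PLANNED)))
```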
Create an Android Configuration Profile
Step 1 Add a configuration profile.
1. Select Policies > Configuration > Android and then click Add.
Step 2 Enter identifying information for the configuration.
1. On the General tab, enter a Name to display for the configuration in the Mobile Security Manager web interface.
2. Enter a Display Name to show on the Detail/Profiles screen on the mobile device as well as on the device HIP report.
3. Enter an Identifier for the configuration in reverse-DNS style format. For example, if this profile will be used to push a base configuration to devices, you might name the configuration something like com.acme.androidprofile.
4. (Optional) Enter a Description to display on the Detail screen of the mobile device.
Create a GlobalProtect VPN Configuration (Continued)