Skip to main content
Español

How to create a VPN profile

Sergio AJ
  • Updated

**Creating a VPN Profile**

In the Configuration Manager console, navigate to the **Assets and Compliance** workspace, expand **Compliance Settings**, expand **Company Resource Access**, and select the **VPN Profiles** node.

On the **Home** tab of the ribbon, in the **Create** group, choose **Create VPN Profile**.

On the **General** page of the Create VPN Profiles Wizard, specify the following information:

- **Name:** Enter a unique name to identify the VPN profile in the console.
*Note: Avoid using the following characters in the VPN profile name: \ / : * ? < > | ;. Windows VPN profiles do not support these special characters.*

- **Description:** Optionally, enter a description to provide more information about the VPN profile.

- **VPN Profile Type:** Select the appropriate platform.

If you choose the **Windows 8.1** platform, you can also **import from file**. This action imports VPN profile information from an XML file. If you select this option, the rest of the wizard streamlines the following pages: **Supported Platforms** and **Import VPN Profile**.

On the **Supported Platforms** page, select the operating system versions compatible with this VPN profile.

On the **Connection** page, specify the following information:

- **Connection Type:** Choose the VPN connection type. For more information on supported types, refer to VPN Profiles.

- **Server List:** Add a new server to be used for the VPN connection. Depending on the connection type, you can add one or multiple VPN servers and specify which server is the default.

- **Bypass VPN when connected to the company network:** Configure clients not to use VPN when on the internal network. If necessary, specify a specific DNS name for the connection.

On the **Authentication Method** page of the wizard, choose a method compatible with the connection type. Configuration and options available on this page vary depending on the selected connection type. For more information, see Authentication Method Reference.

On the **Proxy Settings** page, if the VPN uses a proxy server, select one of the appropriate options for your environment. Then, provide proxy settings information.

The **Apps** page applies only to Windows 10 profiles. Add universal and desktop applications that automatically connect to this VPN. The application type determines the application identifier:

- For a **desktop application**, provide the file path of the application.

- For a **universal application**, provide the Package Family Name (PFN). For information on how to find the PFN of an application, see Finding a Package Family Name for VPN by App.

You can also configure an option for only the listed applications to use this VPN.

**Important:**
Secure all associated application lists you compile to configure an app VPN. If an unauthorized user changes the list and imports it into the VPN app list, it can authorize VPN access to applications that shouldn't have access.

The **Boundaries** page only applies to Windows 10 profiles to configure VPN boundaries. You can add the following options:

- **Network Traffic Rules:** Set the protocols, local port, remote port, and address ranges that will be enabled for the VPN connection.

*Note: If you don't create a network traffic rule, all protocols, ports, and address ranges are enabled. After creating a rule, the VPN connection only uses the protocols, ports, and address ranges you specify in that rule or additional rules.*

- **DNS Names and Servers:** DNS servers used by the VPN connection after the device establishes the connection.

- **Routes:** Network routes used by the VPN connection. Creating more than 60 routes may cause a policy error.

Complete the wizard.

The new VPN profile is displayed in the **VPN Profiles** node in the **Assets and Compliance** workspace.

**Authentication Method Reference**

Available VPN authentication methods depend on the connection type:

**Certificates:**
- If client certificate authenticates on a RADIUS server, such as a network policy server, set the alternative name of the signer in the certificate to the username principal name.

Supported Connection Types:
- Pulse Secure
- F5 Edge Client
- Dell SonicWALL Mobile Connect
- Check Point Mobile VPN

**Username and Password:**
Supported Connection Types:
- Pulse Secure
- F5 Edge Client
- Dell SonicWALL Mobile Connect
- Check Point Mobile VPN

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk