Manual Chapter :
Configuring Per-App VPN with APM and F5 Access
Applies To:
Show VersionsBIG-IP APM
- 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
Configuring Per-App VPN with APM and F5 Access
What is a per-app VPN?
With Android 5.0, Google enhanced its VPN framework to
support application-level layer-3 tunneling. Users must first connect with F5 Access manually,
then start the app on the device with traffic that is required to go through the VPN tunnel.
Admin users can configure a list of allowed apps or
disallowed apps; traffic from the "allowed apps" list is able to pass through the VPN tunnel
while traffic from the "disallowed apps" list is unable to pass through. Use the allowed apps or
disallowed apps URL scheme parameters if the device is not a managed device using a Mobile Device
Manager (MDM) solution.
For a seamless experience, use the always-on VPN functionality for users where the manual
start of the tunnel is not required.
Users can have multiple configurations but can choose only
one at a time. Per-app VPN gives IT granular control over corporate network access and ensures
that data transmitted by managed apps travels only through a separate VPN tunnel and are isolated
in the workspace. Meanwhile, other data, like an employee's personal web browsing activity, do
not use the VPN. Per-app VPN also works with the mobile browser on a per-app basis on Android 5.0
and later versions. Users with Android for Work should use the same configuration as per-app VPN
with Android F5 Access.
A per-app VPN configuration requires four configuration components.
- A device under MDM management.
- A managed app installed on the device or the mobile browser.
- F5 Access for Android installed on the managed device. For Android for Work, F5 Access should be installed within the Android for Work container.
- A related F5 Access configuration (VPN). This is configured with an MDM command that associates the app with an F5 Access configuration.
Per-app VPN is currently not supported for Android apps on Chrome OS.