Manual Chapter : Configuring Per-App VPN with APM and F5 Access

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
Manual Chapter

Configuring Per-App VPN with APM and F5 Access

What is a per-app VPN?

With Android 5.0, Google enhanced its VPN framework to support application-level layer-3 tunneling. Users must first connect with F5 Access manually, then start the app on the device with traffic that is required to go through the VPN tunnel.
For a seamless experience, use the always-on VPN functionality for users where the manual start of the tunnel is not required.
Admin users can configure a list of allowed apps or disallowed apps; traffic from the "allowed apps" list is able to pass through the VPN tunnel while traffic from the "disallowed apps" list is unable to pass through. Use the allowed apps or disallowed apps URL scheme parameters if the device is not a managed device using a Mobile Device Manager (MDM) solution.
Users can have multiple configurations but can choose only one at a time. Per-app VPN gives IT granular control over corporate network access and ensures that data transmitted by managed apps travels only through a separate VPN tunnel and are isolated in the workspace. Meanwhile, other data, like an employee's personal web browsing activity, do not use the VPN. Per-app VPN also works with the mobile browser on a per-app basis on Android 5.0 and later versions. Users with Android for Work should use the same configuration as per-app VPN with Android F5 Access.
A per-app VPN configuration requires four configuration components.
  • A device under MDM management.
  • A managed app installed on the device or the mobile browser.
  • F5 Access for Android installed on the managed device. For Android for Work, F5 Access should be installed within the Android for Work container.
  • A related F5 Access configuration (VPN). This is configured with an MDM command that associates the app with an F5 Access configuration.
Per-app VPN is currently not supported for Android apps on Chrome OS.