top of page

Enrollment using Standalone WSO VPN Tunnel Client

  • Writer: airwatchhk
    airwatchhk
  • Sep 5, 2022
  • 1 min read

Updated: Nov 22, 2023



Now you can use VPN tunnel in standalone mode without fully managing Windows or macOS.


The standalone VPN client is a all-in-one client comes with enrollment, certificate retrieval and VPN profile installation capability.


This is particular useful for cases like BYOD devices, legacy full device VPN replacement and VPN add-on to devices already managed by other UEM solution.


If you have already been using tunnel for managed devices, you are only a few steps away from making it available for non-managed devices.


Enable non-managed enrollment mode:


ree

Create tunnel profile for non-managed device. The way to do is exactly the same as creating tunnel profile for managed devices.


ree


ree

Device enrolled using tunnel client is marked as “Managed by App Level”. Administrator can block a device or have certificate revoked from a device.


ree



ree

Now, we can have the tunnel installer downloaded to install tunnel. Please make sure it is the standalone version.


User can get his device enrolled with the standalone tunnel client.



ree

It also supports modern authentication like WSO Access, Azure AD and other SAML IdP.



ree


This is a demo video showing how to get a windows devices enrolled with standalone VPN client and get access to internal URL right away.




To provide secure and seamless user experience, tunnel authentication is certificate based. Client certificate is issued with device UDID. This is to make sure the certificate can only be used on one particular device.


ree

Certificate pinning is implemented on both server side and client.


Server retrieves allowed device list from UEM console together with the device certificate thumbprint.


ree

For troubleshooting, you can get the client side debugg log turned on


ree

ree

Reference:


Comments


Post: Blog2_Post
  • Facebook
  • Twitter
  • LinkedIn

©2021 by EUC852. Proudly created with Wix.com

bottom of page