Skip Navigation

Specify which apps use
CylanceGATEWAY
on
iOS
devices

For
iOS
devices, if your organization manages devices using an EMM solution that supports configuring per-app VPN, you can configure devices to recognize
CylanceGATEWAY
as a VPN provider and configure per-app VPN to specify which apps send data through the
CylanceGATEWAY
tunnel.
To set up per-app tunnel options, you must have permissions for VPN management and app management on
iOS
devices activated using your EMM solution. To specify which apps use the
CylanceGATEWAY
tunnel in
BlackBerry UEM
perform the following steps:
  1. In the
    UEM
    management console, add the apps that you want to send data through
    CylanceGATEWAY
    to
    UEM
    and assign them to users.
    Only apps that are assigned to users use the
    CylanceGATEWAY
    tunnel. Do not assign the default browser or the
    CylancePROTECT Mobile
    app to users or the device will be unable to establish a tunnel with
    CylanceGATEWAY
    .
    For devices with the "
    User privacy
    " and "
    User privacy - User enrollment
    " activation types, only assigned internal apps and apps licensed through the
    Apple
    Volume Purchase Program
    use the tunnel.
  2. Create an activation profile that assigns one of the following activation types:
    • MDM controls
    • User privacy - User enrollment
    • User privacy
      with VPN management and app management enabled
  3. Create a VPN profile and include the following settings:
    Setting
    Description
    Connection type
    Custom
    VPN bundle ID
    com.blackberry.protect
    Server
    This setting specifies the FQDN or IP address of a VPN server. The value must be 127.0.0.1.
    Authentication type
    Password
    Password
    Leave this field blank
    Enable per-app VPN
    Selected
    Domain settings
    Specify the domains that can establish a connection through the
    CylanceGATEWAY
    tunnel. If you specify a domain, assigned apps use the tunnel only for connections to the specified domain. You can specify domains for
    Safari
    , Calendar, Contacts, Mail, and domains listed in the apple-app-site-association file. You can also specify domains that never use the tunnel.
    For devices with the "
    User privacy
    " and "
    User privacy - User enrollment
    " activation types, if you specify a domain that is not a child of the root domain specified in the
    Server
    field, the device ignores the entire VPN profile, not just the invalid domain.
    Allow apps to connect automatically
    Select this option to specify that the app can start the connection automatically.
    Connections through the
    CylanceGATEWAY
    tunnel can start only if
    CylanceGATEWAY
    is enabled in the
    CylancePROTECT Mobile
    app on the device.
    Traffic tunneling
    IP layer
  4. Assign profiles to users and instruct them to activate devices.