Allow MDM server outside of always on VPN?

Graeme
Contributor

Hi all,
With iOS, is it possible to allow the MDM traffic outside of an always-on VPN? This is to enable us to disable the VPN if that part of our infrastructure goes down (which does happen).
There are options to make the VPN per app or exclude specific Bundle IDs. Either forcing all apps to use a VPN or excluding the Bundle IDs of the iOS management components (if they exist) seems like a promising approach.

Regards
Graeme

2 REPLIES

ammonsc
Contributor II

Is there a reason you cannot run the MDM server in a DMZ? Or for better security you could cluster the servers and keep the main server inside the LAN and the cluster server in the DMZ. Then use split DNS tunneling for access?

Graeme
Contributor

Thanks for the suggestion; however, we already run the MDM in a DMZ with a split DNS. If the iPad cannot connect to the always-on VPN, it won't allow any network traffic, including to either face of the MDM server. Since the network traffic is blocked, it can't get any command to remove the profile.