SonicWall Mobile Connect

llitz123
Contributor III

I'm trying to provision SonicWall Mobile Connect Client 4.0.12.
Our clients are locked down and when I try and configure the VPN client, I get an error from the VPN software saying Administrator Access Only.
Has anyone done this successfully and if so - how?
Thanks.

1 ACCEPTED SOLUTION

dakh7
New Contributor

We successfully deployed using config profiles to deploy the VPN profile and install the app via the app store and it has worked for us. No need for one time admin access.

There's a specific setting for mobile connect under connection type in the VPN payload when you're setting up the config profile. Not sure when it was added but it was some time ago.

16 REPLIES

boberito
Valued Contributor

I'd love to know how to deploy it with the server settings.

Also it seems like supposedly you can push a configuration profile, since all it really is, is a front to the built-in VPN client I believe. But the Configuration Profile never seems to work.

jrippy
Contributor II

@boberito @llitz123 I have Mobile Connect deploying via Self Service and the App Store and I have a config profile successfully setting it up.
My problem is that the app still requires administrator access on first run.

I've been trying to capture it and figure out what is being modified that would need access but no luck so far.
It does mess with the kernel extensions and that may be it but I can't replicate it.

Any ideas how to work past that?
I do have a support case open with SonicWALL right now. Just waiting to hear back.

boberito
Valued Contributor

How'd you get those issues to work? Do you mind sharing?

jrippy
Contributor II

@boberito Nothing different than I'm sure you probably tried.
Added the SonicWALL app from the App Store to Self Service.
Then added a configuration profile with the VPN payload for SonicWALL.

Now we are still implementing and a co-worker of mine just found an issue. He discovered the username wasn't updating from the config profile and changed it from machine level to user level.

That is now prompting for an admin password on every login to update the config profile. So obviously that won't work.
May have to open a ticket with either SonicWALL or jamf for that.

boberito
Valued Contributor

Honestly I strangely never thought to do both. I tried 1 or the other. I figured if I pushed a configuration profile I didn't need the App. But the profile configures the app it sounds like (or partially). And I tried to configure things using plists and nonsense like that.

I will play with this tomorrow.

Thanks for the idea and help.

boberito
Valued Contributor

So alright, I worked on this and made some progress.

I made a Static Group called "SonicWall Mobile Connect Group". I purchased SonicWall Mobile Connect with our VPP account and set it up to be scoped to "SonicWall Mobile Connect Group". Set it to assign VPP content since we're all 10.11 and higher. Set it to auto install. Set up the Configuration Profile using $USERNAME so it'll use the username of the user. Scoped the CP to the SonicWall static group. Set the CP to auto install as well.

Created a script (I'll add that at the end) that'll add a machine to the static group using an API call. Set up a policy that runs this script and updates inventory.

So once they run the policy it runs the script that adds them to the static group. Then the configuration profile and shortly after the app gets pushed to their computer.

#!/bin/sh

# API login info
apiuser=
apipass=''
jamfProURL=""

ComputerName=$(hostname)

# Update group with ID 232
apiURL="JSSResource/computergroups/id/232"

# XML header stuff (single-quoted so the inner double quotes survive)
xmlHeader='<?xml version="1.0" encoding="UTF-8" standalone="no"?>'

apiData="<computer_group>
<id>232</id>
<name>SonicWall Mobile Connect</name>
<computers>
<computer>
<name>$ComputerName</name>
</computer>
</computers>
</computer_group>"

# PUT the group XML to the Jamf Pro API.
# Note: -k makes curl skip TLS certificate verification.
curl -sSkiu "${apiuser}:${apipass}" "${jamfProURL}/${apiURL}" \
    -H "Content-Type: text/xml" \
    -d "${xmlHeader}${apiData}" \
    -X PUT > /dev/null

So I haven't needed admin access but I'm an admin on the machine. Also at the school I'm at none of the VPN users are nonadmins. I will try again tomorrow from a student laptop and see if it'll work without asking for admin access.

Anyway I wanted to put that all out there for anyone to find it and use it all.

boberito
Valued Contributor

So I tried it on a student account, non admin. Everything is set up...it looks like it'll work. But then clicking that Connect button pops up saying it needs a 1 time admin access. So doesn't look like I can get around it.

Network settings are unlocked by non admins for us. So I'm a little surprised it won't work.

Anyway sorry :(

jrippy
Contributor II

@llitz123 @boberito, just wanted to post an update that I am still struggling with this.
I've worked with a nice rep from SW that claims this is an Apple restriction.

The problem is that OSX doesn't allow programs direct access to resources, and they can only make calls for them, then the OS decides if and what to do. What my Developers said was that the requirement of "admin rights" to create the VPN policy comes from the framework Mobile Connect uses within OSX, so that's where the "Apple restriction" comes in.

Anyway, that's what is being said by SW.
They did say this would be fixed in a future version of the App "as soon as Apple changes the restriction". So yeah, it probably isn't changing.

Now I still don't buy that I can't set this up via command line but I swear I'm not finding the right file/permissions/holding my tongue just right to be able to get it.

Liam_Donnelly
New Contributor II

Did anyone manage to successfully do this?

llitz123
Contributor III

I have successfully done what @dakh7 has done also. I just have issues because we already have the app provisioned manually and I'm trying to figure out how to remove and re-add the app from the App Store without causing significant issues to staff.

sammich
New Contributor II

I have made a VPN profile for Mojave that specifically states the connection type as "SonicWALL Mobile Connect". I've also installed a new copy of the SonicWALL Mobile Connect app from the App Store. However, when I launch the app, it doesn't see the VPN settings created by the profile (under connection my only option is "Add connection..."). If I go to the VPN settings the profile made in network prefs and connect through there, I get a message that says "Please launch SonicWALL SSLVPN to enable the VPN connection."

Is there another Sonicwall VPN client I should be using?

boberito
Valued Contributor

The config profile you created uses Apple's built-in VPN, not the app. If you're using an SSL VPN it's probably layer 3 VPN and the Apple one runs at layer 2.

sammich
New Contributor II

That's confusing but I got it. I created the profile using a custom SSL setting that references the bundle ID of the Sonicwall app and now it's working. Thanks.

sdawson
New Contributor

@sammich Hello, can you provide an example of the custom SSL setting that worked and also the referencing of the bundle ID?

rivsysadmin
New Contributor

Spent a lot of time trying to figure this out - so I would be happy to help those who come after me!

Specifically when it comes to the SonicWALL Mobile Connect client...the hints are all here, but this is how you do it:

Create a Configuration Profile
- Name it
- For "VPN Type" choose "VPN"
- For "Connection Type" choose "Custom SSL"
- Identifier should be "com.sonicwall.SonicWALL-Mobile-Connect" (if you are using the app store version...which you should be...)
- Server should be something like "dnsEntry.domain.blah:PORT" (or IP address if that's how you roll)
- You can leave account blank if you want (or specify variables)
- No custom Data
- User authentication for me was just "Password" but I left the fields blank
- Provider Type is "Packet-tunnel"

Left all the other fields blank and now when I deploy the config profile, the app will register the connections :-)
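
Added example, not posted by anyone in this thread: a Python sketch that builds a .mobileconfig carrying the settings listed above and checks an exported profile for them before it is scoped. The mapping of the Jamf fields to Apple's `com.apple.vpn.managed` keys is an assumption, and the server name, organisation identifier and function names are constructed placeholders.

```python
import plistlib
import uuid

BUNDLE_ID = "com.sonicwall.SonicWALL-Mobile-Connect"  # identifier from the post


def build_profile(server, name="SonicWall VPN", org_id="com.example.vpn"):
    """Return .mobileconfig bytes (XML plist) with one third-party VPN payload."""
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.sonicwall",   # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "UserDefinedName": name,
        "VPNType": "VPN",             # assumed key for the "VPN" / "Custom SSL" choice
        "VPNSubType": BUNDLE_ID,      # assumed key for the "Identifier" field
        "VPN": {
            "RemoteAddress": server,  # the "Server" field, host:port
            "AuthenticationMethod": "Password",
            "ProviderType": "packet-tunnel",
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile)


def check_profile(data):
    """Return a list of problems found in the profile's VPN payloads."""
    payloads = [p for p in plistlib.loads(data).get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.vpn.managed"]
    if not payloads:
        return ["no com.apple.vpn.managed payload"]
    problems = []
    for p in payloads:
        vpn = p.get("VPN", {})
        checks = [
            (p.get("VPNType") == "VPN", "VPNType is not 'VPN'"),
            (p.get("VPNSubType") == BUNDLE_ID, "VPNSubType is not the app bundle ID"),
            (vpn.get("ProviderType") == "packet-tunnel", "ProviderType is not packet-tunnel"),
            (bool(vpn.get("RemoteAddress")), "RemoteAddress (server) is empty"),
        ]
        problems += [msg for ok, msg in checks if not ok]
    return problems
```

Running `check_profile` on a profile downloaded from Jamf shows whether the payload names the app's bundle ID or falls back to a built-in VPN type.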