VPN configuration from Jamf Pro

New Contributor III

Hi All,

How to configure VPN (Not per-app VPN) for macOS from Jamf Pro. Also, the requirement is that User should not able to change or remove VPN  

Technical Architect

Esteemed Contributor

MacOS's built in VPN client is more or less a consumer focused product and as far as I am aware does not have an always on full tunnel offering. What VPN Client are you planning on using?

New Contributor III

Thanks @AJPinto , Here client want to go for in built VPN, they do have Zscaler but not want to go by that

Technical Architect

Esteemed Contributor

I sit corrected, L2TP over IPSec does offer a full tunnel option. Using macOS's VPN client wont be anywhere near as robust as a 3rd party client like Zscaler or AnyConnect but you can attempt to build this out using the VPN Configuration Profile payload. Setting this with a configuration profile would prevent users from modifying the settings.



Change VPN settings on Mac - Apple Support

Change options for L2TP over IPSec VPN connections on Mac - Apple Support

New Contributor III

Thanks @AJPinto , client now want to go with CheckPoint... any config file or link for you have for its configuration pl,

Also, there are other set of users who should have Zscaler, while I deploy Zscaler using the below script it gives an error in Jamf log as:


"Script result: replace Zscaler-osx- [y]es, [n]o, [A]ll, [N]one, [r]ename: NULL
(EOF or read error, treating as "[N]one" ...) Thu Apr 20 12:55:12 IST 2023 Cannot decompress dad archive. Exiting".


Script I used:


## postinstall

sleep 30

sudo /Users/Shared/Zscaler-osx- --cloudName $4 --userDomain $5



exit 0 ## Success

exit 1 ## Failure


Technical Architect