Networks configuration

iOS Profile Configuration in the Menu Network

Last adaptation to the version: 2.7

New:

Using the user certificate with EAP client / WPA2 Enterprise
Clearer sorting in the EAP client

Changed menu navigation

notempty

This article refers to a Beta version

Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:

MS/deployment/user (← links)
MS (← links)
MS/deployment/profile-AppleTV (transclusion) (← links)
MS/deployment/profile-Device (transclusion) (← links)
MS/deployment/profile-User (transclusion) (← links)

Networks

In this section, access profiles for WiFi networks can be configured and pushed to the device.

Network configuration

Caption

Value

Description

Network configurations

Add configuration

Network configuration

Name

Name of the configuration

Type

WiFi

Configuration type (WiFi predefined)

Wifi

SSID

The SSID of the network

Security

Security level of the network key

None

No security

WEP-PSK

Insecure

WPA-PSK

Secure

Password

Password of the account for the server

Hidden SSID

When activated , the network's SSID is hidden

Autoconnect

When activated , the device automatically connects to the network

Deactivate MAC randomisation

When activated , the devices always identify themselves with the same MAC address in a network. Cannot be changed by the user.

This function also displays a data protection warning in the settings that the network has limited data protection.
This value is only locked if the profile is installed via an MDM.
If the value is set with the Apple Configurator, for example, it can be changed by the user.

EAP-Client / WPA2 Enterprise

Use EAP Client

When activated , the EAP client, the WPA2 Enterprise, can be used

Available options for the EAP type EAP-AKA. Additional options will be available for other EAP types

EAP Types

Select EAP Types

The EAP type is selected. Several types can be selected.
The choices are:

EAP-AKA
EAP-FAST
EAP-SIM
LEAP
PEAP
TLS
TTLS

Payload Certificate Anchor UUID

The certificate that is handed to the server by the client as authentication when logging on to the WLAN.

Apple: An array of the UUID of a certificate payload to trust for authentication

notempty

New as of: 2.7

The user certificate $user_cert$ can be used

System Mode Credentials Source

The server for the system mode credentials

Use Open Directory credentials

When activated logging in through Open Directory is possible

Allow two-factor authentication

When activated , two-factor authentication is possible

Trusted certificates

The certificates that are to be trusted are entered.
These certificates must first be stored in the
notempty

New as of: 2.7

The user certificate $user_cert$ can be used

Trusted server names

The names of the servers that are to be trusted are entered

Provision PAC		When activated PAC will be provided
Provision anonymously Displayed when Provision PAC is activated.		When activated PAC will be provided anonymously
Use existing PAC		When activated existing PAC will be used
One time user password		If activated , the user will be prompted to enter the password each time they connect
Outer Identity		A name that hides the user's true name
Max. TLS Version	1.2 default	The maximum TLS version is selected. The choice is: 1.0 1.1 1.2
Min. TLS Version	1.0 default	The minimum TLS version is selected. The choice is: 1.0 1.1 1.2
Username		Username of the account for the server
Password		Password of the account for the server

EAP SIM Number Of RANDs	3 default	The number of EAP SIMs of the RANDs is selected

One time user password		If activated , the user will be prompted to enter the password each time they connect
Username		Username of the account for the server
Password		Password of the account for the server

One time user password		If activated , the user will be prompted to enter the password each time they connect
Outer Identity		A name that hides the user's true name
Max. TLS Version	1.2 default	The maximum TLS version is selected. The choice is: 1.0 1.1 1.2
Min. TLS Version	1.0 default	The minimum TLS version is selected. The choice is: 1.0 1.1 1.2
Username		Username of the account for the server
Password		Password of the account for the server

Max. TLS Version	1.2 default	The maximum TLS version is selected. The choice is: 1.0 1.1 1.2
Min. TLS Version	1.0 default	The minimum TLS version is selected. The choice is: 1.0 1.1 1.2

One time user password		If activated , the user will be prompted to enter the password each time they connect
Outer Identity		A name that hides the user's true name
Max. TLS Version	1.2 default	The maximum TLS version is selected. The choice is: 1.0 1.1 1.2
Min. TLS Version	1.0 default	The minimum TLS version is selected. The choice is: 1.0 1.1 1.2
TTLS Inner Authentication	MSCHAPv2 default	The inner authentication of TTLS is selected. The choices are: PAP EAP CHAP MSCHAP MSCHAPv2
Username		Username of the account for the server
Password		Password of the account for the server

Global HTTP proxy

A Global HTTP proxy can be configured, for example, if devices are permanently on the same network and a local proxy is to be used on the device.
Especially recommended for devices that only have an MDM license. These can then use, for example, the protection functions of a Securepoint UTM with web filter, etc.

Global HTTP proxy configuration

Use global HTTP proxy

When activated the global HTTP proxy is used

Type

Manual
Automatic

For a manual proxy type, the profile contains the proxy server address, including the port, and optionally a user name and password. For an auto proxy type, you can enter a PAC URL.

Allow captive login

Username

The username used to authenticate to the proxy server

Password

The password used for authentication to the proxy server

Server

The network address of the proxy server

Server port

8080

The port used to connect to the proxy server