De-couple application allowlist and VPN configuration for per-app VPN configuration

Content

From 10.65 release, MaaS360 allows application allowlist for per-app VPN configuration without having to reissue CE cert requests for VPN profile. With this capability, CE cert reissue happens only upon updating VPN profile configuration.

This feature is available by default for all new MaaS360 customers.

How existing MaaS360 customers can opt for VPN decoupling feature?

For existing MaaS360 customers, the VPN profile and per-app VPN configuration functions remain same and CE cert is re-issued every time app allowlist that can use the VPN configured is updated.

To opt for this new feature, you need to contact IBM MaaS360 Customer Support team.

On publishing the iOS policy for the first time after opting VPN decoupling, the CE cert is reissued even on updating per-app VPN list. The CE cert reissue is only for the first-time policy publish. From the next time you publish the iOS policy, VPN configuration is reloaded and CE cert is reissued on the iOS device only when you update the VPN profile.