How to confirm SEP Mobile VPN is properly installed
search cancel

How to confirm SEP Mobile VPN is properly installed

book

Article ID: 258882

calendar_today

Updated On:

Products

Endpoint Protection Mobile

Issue/Introduction

A mobile threat defense (MTD) administrator or mobile device user needs to confirm that the SEP Mobile app's VPN protection is properly installed.  

Environment

The SEP Mobile app offers VPN protection on both iOS and Android devices, however it should be noted that on iOS there are two VPN profiles, one for the network tunneling VPN to protect against network threats, and one which is engaged when the device is non-compliant to prevent access to company resources (Sensitive Resource Protection).  

On Android devices it is only possible to have one VPN running, therefore the network tunneling and resource protection functions are both covered by the same VPN module on this platform.  Please be aware that when an Android device is enrolled in MDM and has a work profile, in this scenario it is possible to have one VPN running in both the primary / personal and work profiles of the device.  

Resolution

On an iOS device, a user can follow these steps to confirm that both SEP Mobile VPN profiles are installed:

1.) From the home screen tap Settings. 
2.) Tap VPN. 
3.) Verify that both the XNDC (network threat / tunneling) and SRP (Sensitive Resource Protection / compliance enforcement) VPN profiles are installed: 

On an Android device, a user can follow these steps to confirm that the SEP Mobile VPN module is installed:

1.) As there is some variation between Android models and distributions, it's best to open Settings and then perform a search for "VPN".  (Example steps would be Settings > Connections > More Connection Settings > VPN.)
2.) Under VPN settings, confirm that the SEP Mobile VPN module shows as installed: 

In the SEP Mobile Management Console (MC), an administrator can follow these steps to confirm the status of VPN on an enrolled device: 

1.) For an iOS device, locate the device in the MC and confirm the presence of a check mark in the padlock icon column of the device record.  Mousing over this checkmark should present popup text that reads "Protection is setup properly". 

By selecting the device record, it is then possible to also inspect the status of the VPN profiles in the device details pane to the right.  Two profiles should show as being installed for iOS; the profile names shown here may vary. 

2.) For an Android device, locate the device in the MC and confirm the presence of a check mark in the padlock icon column of the device record.  Mousing over this checkmark should present popup text that reads "Protection is setup properly". 

By selecting the device record, it's possible to view the status of the VPN module in the device details pane to the right. 

In the event VPN is not setup properly, a yellow health status will appear for the device in the MC with a "Protection is not setup properly" alert for the device.  The device user will be prompted to remediate the VPN configuration, and by tapping the alert the user will be taken into the SEP Mobile app and guided through a few quick steps to resolve the situation.  

 

Additional Information

VPN Configuration Profiles in SEP Mobile
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection-mobile/1-0/Security-Settings/VPN-configuration-profiles-in-SEP-Mobile.html

VPN protection for Android and iOS devices
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection-mobile/1-0/Security-Settings/Mobile-VPN-protection-features.html 

Protection actions against network connection threats
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection-mobile/1-0/Security-Settings/protection-actions-against-network-connection-thr-v132576311-d4221e8237.html 

Powered by Wolken Software