Forum Discussion
dwp1975
Apr 30, 2024 · Copper Contributor
Always on VPN Android
I am trying to enforce the use of a VPN client (have app as a required install). I did the device restriction policy and it shows up on my device. Problem is, I want all traffic bloc...
SebastiaanSmits
May 01, 2024 · Steel Contributor
Lockdown mode is the way to go; if I read your message correctly, this is what you are trying to accomplish:
"Lockdown mode: Enable forces all network traffic to use the VPN tunnel. If a connection to the VPN isn't established, then the device won't have network access." See here.
What VPN solution are you using? Is it integrated with Entra Modern Authentication or is it certificate-based (which might be the nicest solution for this)? You definitely need to make network connections to the authentication servers...
- dwp1975 · May 01, 2024 · Copper Contributor
SebastiaanSmits ZScaler is the VPN app being used. With lockdown mode enabled, how do I get around opening up the URLs for the app to authenticate? Unlike for iOS, Android doesn't have a URL exclusion list.
- SebastiaanSmits · May 02, 2024 · Steel Contributor
The connection to the VPN Gateway (you provide this in your VPN configuration) is reachable in Lockdown. But that's why the question, what kind of authentication do you use, is important here. With CBA to the Gateway (or other direct Gateway authentication) this works without problems, but if you use Modern Auth and there is a redirect to Entra, this is not going to work as is. There is indeed no exclusion available: https://issuetracker.google.com/issues/238109298?pli=1
- SebastiaanSmits · May 03, 2024 · Steel Contributor
By the way, it is also possible to check the VPN client logs to see what URL it is trying to reach when authentication fails.