Client Connector
Dual Tunnel Feature Configuration with Jamf Pro for iOS
With the dual tunnel feature, organizations can capture Per App traffic via a secondary tunnel and send it to the Zscaler Private Access (ZPA) applications, while all other apps still tunnel to Zscaler Internet Access (ZIA) through the primary tunnel.
Before following this guide, ensure that Zscaler Client Connector is installed on your device. To learn more, see Deploying Zscaler Client Connector with Jamf Pro for iOS.
With Jamf Pro, you can configure the dual tunnel feature for iOS devices:
- Step 1: Create and Push Primary Tunnel Configuration Profile from Jamf Pro
- Click New.
- In the General section, enter a Name for the profile.
- From the menu on the left, scroll down to the VPN section.
In the VPN section:
- Connection Name: Enter a name for the connection.
- VPN Type: Choose VPN.
- Connection Type: Choose Custom SSL.
- Identifier: Enter com.zscaler.zscaler
- Server: Enter VPN
- Provider Bundle Identifier: Enter com.zscaler.zscaler.tunnel
- Custom Data: Click Add to add the key tunnelType and value ZIA.
- User Authentication: Choose Certificate.
- Provider Type: Choose Packet-Tunnel.
- Select the Enable VPN On Demand and Prohibit users from disabling on-demand VPN settings options.
- Click Save.
- In the Scope section, click Add to add a device.
- Step 2: Create and Push Secondary Tunnel Configuration Profile from Jamf Pro
- In the Devices section, go to Configuration Profile and click New.
- In the General section, provide a Name for the profile.
- From the menu on the left, scroll down to the VPN section.
In the VPN section:
- Connection Name: Enter a name for the connection.
- VPN Type: Choose Per-App VPN.
- Select Automatically start Per App VPN connection.
- Per-App VPN Connection Type: Choose Custom SSL.
- Identifier: Enter com.zscaler.zscaler
- Server: Enter VPN
- Provider Bundle Identifier: Enter com.zscaler.zscaler.tunnelsecondary
- Custom Data: Click Add to add the key tunnelType and value APP.
- User Authentication: Choose Certificate.
- Provider Type: Choose Packet-Tunnel.
- Select the Enable VPN On Demand and Prohibit users from disabling on-demand VPN settings options.
- Click Save.
- In the Scope section, click Add to add a device.
- Step 3: Push Per App VPN App on Mobile Device from Jamf Pro
- Select the previously added application. For example, Microsoft Edge: Web Browser.
- In the General section, choose the Make Available in Self Service option for the Distribution method.
- Scroll down to the Per-App Networking section. For Per-App VPN, select the Per-App VPN profile that you created in Step 2: Create and Push Secondary Tunnel Configuration Profile from Jamf Pro.
- In the Scope section, click Add to add a device.
- Step 4: Install Per App VPN App from Self Service Application
- Browse all the listed applications and install the Per-App VPN Application. For example, Microsoft Edge.
- Step 5: Verify Profiles Created on iOS VPN Settings
- The two VPN profiles that you created are shown in the Device VPN and Per-App VPN sections.
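To check the two profiles before scoping them to devices, the following added example (not part of the original guide, and not Zscaler or Jamf tooling) audits an unsigned .mobileconfig export against the values from Steps 1 and 2. It assumes the export uses Apple's VPN payload key names (VPNSubType, VendorConfig, and the VPN dictionary keys shown); audit_profile and sample_profile are hypothetical names, and the sample profile is constructed.

```python
import plistlib

# Expected values from Steps 1 and 2 of this guide, keyed by Apple payload type:
# (Provider Bundle Identifier, tunnelType custom data value).
EXPECTED = {
    "com.apple.vpn.managed": ("com.zscaler.zscaler.tunnel", "ZIA"),
    "com.apple.vpn.managed.applayer": ("com.zscaler.zscaler.tunnelsecondary", "APP"),
}

def audit_profile(data: bytes) -> list:
    """Return findings for each VPN payload in an unsigned .mobileconfig."""
    try:
        profile = plistlib.loads(data)
    except Exception:
        return ["not a plain plist (a signed profile must be unwrapped first)"]
    findings, seen = [], set()
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype not in EXPECTED:
            continue  # not a device-wide or Per-App VPN payload
        seen.add(ptype)
        provider, tunnel_type = EXPECTED[ptype]
        vpn = payload.get("VPN", {})
        vendor = payload.get("VendorConfig", {})
        checks = [
            ("VPNSubType", payload.get("VPNSubType"), "com.zscaler.zscaler"),
            ("VendorConfig.tunnelType", vendor.get("tunnelType"), tunnel_type),
            ("VPN.RemoteAddress", vpn.get("RemoteAddress"), "VPN"),
            ("VPN.ProviderBundleIdentifier", vpn.get("ProviderBundleIdentifier"), provider),
            ("VPN.AuthenticationMethod", vpn.get("AuthenticationMethod"), "Certificate"),
            ("VPN.ProviderType", vpn.get("ProviderType"), "packet-tunnel"),
            ("VPN.OnDemandEnabled", vpn.get("OnDemandEnabled"), 1),
        ]
        for key, got, want in checks:
            if got != want:
                findings.append(f"{ptype}: {key} is {got!r}, expected {want!r}")
    return findings if seen else ["no VPN payload found"]

def sample_profile(ptype, provider, tunnel_type):
    """Constructed sample profile (not an export from a real Jamf Pro server)."""
    payload = {
        "PayloadType": ptype, "VPNType": "VPN", "VPNSubType": "com.zscaler.zscaler",
        "VendorConfig": {"tunnelType": tunnel_type},
        "VPN": {"RemoteAddress": "VPN", "ProviderBundleIdentifier": provider,
                "AuthenticationMethod": "Certificate", "ProviderType": "packet-tunnel",
                "OnDemandEnabled": 1},
    }
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})

if __name__ == "__main__":
    # Secondary (Per-App) profile mistakenly given the primary tunnel's values.
    bad = sample_profile("com.apple.vpn.managed.applayer", "com.zscaler.zscaler.tunnel", "ZIA")
    print("\n".join(audit_profile(bad)))
```

An empty result means the payload matches the guide; a Per-App payload carrying the primary tunnel's bundle identifier or tunnelType ZIA is reported as two findings.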