• Mobile Connect for iOS 5.0
• Introduction to Mobile Connect
  • How Mobile Connect Works
  • New Features in Mobile Connect 5.0
  • Additional Feature Information
  • Supported Platforms
    • Apple Product Support
    • SonicWall Appliance Support
    • Required Network Information
• Installing and Connecting
  • Installing Mobile Connect
  • Creating and Saving Connections
    • Creating Firewall or SMA 100 Series Connections
    • Creating SMA 1000 Series Connections
  • Initiating a Connection
  • Configuring Connect on Demand
    • Connect on Demand to SMA 1000 Series
    • Connect on Demand to SMA 100 and SMA 1000 Series
  • Configuring Trusted Network Detection
  • Using Apple Configurator 2 with Mobile Connect
  • Configuring Per App VPN
• Settings, Bookmarks, Files, and Certificates
  • Settings Overview
  • URL Control Syntax and Parameters
    • Using the addprofile Command
    • Using the Connect Command
    • Using the Disconnect Command
    • Using the callbackurl Command Parameter
  • Using Bookmarks
    • Showing and Filtering Bookmarks
    • Supported Bookmark Types
      • Desktop Bookmarks
        • RDP Bookmarks
        • VNC Bookmarks
        • Citrix Bookmarks
      • Web Bookmarks
      • Mobile Connect Bookmarks
      • Terminal Bookmarks
  • Using Files
  • Files Features
    • Supported File Types
    • Unsupported File Types
    • File Policies and Actions
  • Importing Certificates to the iOS Device
    • Using Mobile Device Management for Certificate Import
    • Using Mobile Connect Client Certificate Importer
• Monitoring and Troubleshooting
  • Monitoring Mobile Connect
  • Troubleshooting Mobile Connect
• SonicWall Support
  • About This Document

Connect on Demand to SMA 100 and SMA 1000 Series

On SonicWall SMA 100 Series and SonicWall SMA 1000 Series, client certificate authentication is available as a second factor authentication method in addition to standard user name and password authentication. If a client certificate is required during authentication, the user is automatically prompted to select a client certificate from the iOS device.

Selecting a certificate

Tapping on the information indicator that appears to the right of the client certificate displays additional details for the client certificate.

Certificate details

By default, a VPN configuration uses the client certificate setting of Choose during login.

To support Connect on Demand, a VPN configuration on the SonicWall SMA 1000 and SMA 100 Series must meet the following requirements:

• The user’s effective client certificate enforcement policy, configured at the domain or user level, must be enabled to use client certificates for authentication.
• The user’s effective user name and password caching policy (configured at the global, group, or user level) must be set to Allow saving of username and password.
• The valid client certificate for the user must be present on the iOS device.
• The iOS VPN connection profile must have the user name and password configured, and the appropriate client certificate must be selected. See Importing Certificates to the iOS Device for more information.

To configure Connect on Demand to SonicWall SMA 100 and SMA 1000 Series

1. Tap Certificate on the Edit Connection screen.

2. Select a client certificate from the list.

   The Connect On Demand setting is displayed.

   

3. Tap Connect On Demand on the Edit Connection screen to enable Connect On Demand and display the Connect On Demand screen.

4. In the Connect On Demand screen, set Domain List to Connect If Needed to have Mobile Connect establish a VPN connection when accessing a resource with any of the domain suffixes listed.

   Setting Domain List to Never Connect disables Connect on Demand for the domain suffixes listed.

   

5. If more than one domain is listed, tap a domain name to enable Connect on Demand for an individual domain.

   Always Connect domains are no longer supported in iOS. They behave the same as Connect if Needed.