Mobile Connect for iOS 5.0

Technical Documentation>  Installing and Connecting>  Configuring Connect on Demand>  Connect on Demand to SMA 100 and SMA 1000 Series
Table of Contents

Connect on Demand to SMA 100 and SMA 1000 Series

On SonicWall SMA 100 Series and SonicWall SMA 1000 Series, client certificate authentication is available as a second factor authentication method in addition to standard user name and password authentication. If a client certificate is required during authentication, the user is automatically prompted to select a client certificate from the iOS device.

Selecting a certificate

Tapping on the information indicator that appears to the right of the client certificate displays additional details for the client certificate.

Certificate details

By default, a VPN configuration uses the client certificate setting of Choose during login.

To support Connect on Demand, a VPN configuration on the SonicWall SMA 1000 and SMA 100 Series must meet the following requirements:

  • The user’s effective client certificate enforcement policy, configured at the domain or user level, must be enabled to use client certificates for authentication.
  • The user’s effective user name and password caching policy (configured at the global, group, or user level) must be set to Allow saving of username and password.
  • The valid client certificate for the user must be present on the iOS device.
  • The iOS VPN connection profile must have the user name and password configured, and the appropriate client certificate must be selected. See Importing Certificates to the iOS Device for more information.

To configure Connect on Demand to SonicWall SMA 100 and SMA 1000 Series

  1. Tap Certificate on the Edit Connection screen.

  2. Select a client certificate from the list.

    The Connect On Demand setting is displayed.

  3. Tap Connect On Demand on the Edit Connection screen to enable Connect On Demand and display the Connect On Demand screen.

  4. In the Connect On Demand screen, set Domain List to Connect If Needed to have Mobile Connect establish a VPN connection when accessing a resource with any of the domain suffixes listed.

    Setting Domain List to Never Connect disables Connect on Demand for the domain suffixes listed.

  5. If more than one domain is listed, tap a domain name to enable Connect on Demand for an individual domain.

    Always Connect domains are no longer supported in iOS. They behave the same as Connect if Needed.