• Mobile Connect for macOS 5.0
• Introduction to Mobile Connect
  • How Mobile Connect Works
  • New Features in Mobile Connect 5.0
  • Supported Platforms
    • Apple Product Support
    • SonicWall Appliance Support
    • Required Network Information
      • DNS Domain Settings on Appliances
• Installing and Connecting
  • Installing Mobile Connect
  • Creating and Saving Connections
    • Creating Firewall or SMA 100 Series Connections
    • Creating SMA 1000 Series Connections
  • Connecting to the Mobile Connect Server
  • Configuring Client Certificates
    • Configuring Client Certificates with SMA 1000 Series
    • Configuring Client Certificates with SMA 100 Series
  • Enabling Connect on Demand
    • Enabling Connect on Demand with SMA 1000 Series
    • Enabling Connect on Demand to SMA 100 Series
• Preferences and URL Control
  • Preferences Overview
  • Additional SMA 1000 Series Options
  • Using Apple Configurator 2 with Mobile Connect
  • URL Control Syntax and Parameters
    • Using the addprofile Command
    • Using the connect Command
    • Using the disconnect Command
    • Using the callbackurl Command Parameter
• Monitoring, Logs, and Troubleshooting
  • Monitoring Mobile Connect
  • Using Mobile Connect Help and Log Options
  • Troubleshooting Mobile Connect
• SonicWall Support
  • About This Document

Enabling Connect on Demand with SMA 1000 Series

A VPN configuration on the SMA 1000 Series must meet the following requirements to support Connect on Demand:

• The VPN tunnel must not be configured for Redirect‐All mode.
• The realm must be configured to use client certificates for authentication. Chained authentication (where a second authentication server is used) does not support Connect on Demand.
• The valid client certificate for the realm must be present.
• The user must successfully connect to the appliance at least once.

• There must be no user interaction required for the user to connect.

  If the Mobile Connect app is not running and user interaction is required for the VPN connection attempt to succeed, Connect on Demand might fail to connect. Scenarios where user interaction might be required include the following:

  • User authentication by entering a username and password is required.
  • Two‐factor authentication is enabled, requiring a one‐time password or token.
  • The VPN server's SSL certificate is untrusted, requiring acceptance of an SSL certificate warning.
  • Personal Device Authorization is enabled on the server and the device has not been authorized,
  • requiring acceptance of a personal device authorization policy.

To enable Connect on Demand to an SMA 1000 Series

1. On your Mac, open Network Settings in System Preferences.
2. Select the VPN connection from the list of network connections.

3. Select the Connect on demand checkbox to enable the feature.

   

4. Click Apply.