Learn how to install InterScan Web Security as a Service (IWSaaS) in iOS and Adroid devices.
Mobile VPN supports the iOS and Android platforms. With mobile VPN, each mobile user connects to IWSaaS and establishes an Internet Protocol Security (IPsec)-based VPN tunnel to send and receive traffic. Mobile VPN uses certificate-based authentication coupled with the mobile user’s username and password to authenticate the user when establishing the VPN tunnel.
To set up IWSaaS on a mobile device, go to Administration > Service Deployment > Mobile VPN.
Download the installation and setup file(s) in order to connect a mobile device with the IWSaaS service.
- Click the appropriate link to download the profile.
You can pass this file to mobile users who want protection from the IWSaaS Service using a VPN.
- From the email sent by the system administrator, tap the iOS mobile profile or the network link to this file.
- From the Install Profile dialog box, tap Install.
Since this is a self-signed certificate, a warning message appears stating that this profile is unverified. There is no reason to be concerned about this.
- Tap Install.
The warning message stating that this profile is unverified is nothing to be concerned about and requires no action from you. The Profile Installed screen appears displaying two certificates – the VPN Certificate Authority (CA) certificate and the mobile client certificate – as well as the various VPN settings such as VPN server name and proxy information.
- Tap Install.
If the mobile device is protected with a PIN, provide the necesarry information.
- Tap Done.
Once the certificates are installed and signed by a CA, the Unverified Profile warning message disappears and the installed profile appears in the Profiles screen.
To view the newly installed profile, go to Settings > General > Profiles.
- Go to Settings > VPN > IWSaaS Mobile.
- Tap on the small, blue arrow button.
The Add Configuration dialog box appears for that VPN profile with the IPSec tab enabled.
From the Add Configuration dialog box, enter the account and password and then tap Save.
- Click the appropriate links to download the CA and Android certificate.
You can pass these files to mobile users who want protection from the IWSaaS Service using a VPN.
- From the email sent by the system administrator, import the certificates:
- Tap the CA certificate link to import the certificate.
- Specify the name tag for the CA certificate.
Example: IWSaaS Root CA.
- Tap the mobile certificate link to import the certificate.
When prompted, specify "trendmicro" as the password to extract the certificate.
- Specify the name tag for the mobile certificate, such as “IWSaaS Mobile”.
- To view your certificates, go to Settings > Security > Trusted Credentials.
The System tab is displayed by default.
- Tap the User tab.
The CA certificate you installed appears.
- To configure the Android VPN profile, select Settings > Wireless & Networks > More Settings > VPN.
- Choose basic VPN between basic or advance VPN.
- Enter the details of the VPN profile. Take note to the following:
- Enter the profile name (Example: IWSaaS VPN Service) in the Name field. This can be any ASCII string that describes your profile.
- Change the default Type field from "PPTP" to "IPSec XAuth RSA".
- In the Server Address field, enter the VPN service name “vpn.iws.trendmicro.com”.
- Select the client certificate (Example: IWSaaS Mobile) that you just installed on the IPSec user certificate field.
- Click Save.
- From the list of configured VPN profiles, tap and hold on the profile name.
- Enter your IWSaaS account information in the User name and Passwordfields.
You can save the information to avoid entering it for each session of IWSaaS VPN.