AppToAppLayerVPNMapping
The payload that configures per-app VPN settings.
Declaration
object AppToAppLayerVPNMappingProperties
| Name | Type | Description |
|---|---|---|
AppLayerVPNMapping Required | [AppToAppLayerVPNMapping.AppLayerVPNMappingItem] | The array of VPN mapping dictionaries. |
Discussion
Specify com.apple.vpn.managed.appmapping as the payload type.
Profile availability
Device channel | macOS |
User channel | macOS |
Allow manual install | macOS |
Requires supervision | NA |
Requires user-approved MDM | NA |
Allowed in user enrollment | macOS |
Allow multiple payloads | NA |
Profile example
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>IPSec</key>
<dict>
<key>RemoteAddress</key>
<string>10.0.1.42</string>
<key>XAuthName</key>
<string>username</string>
<key>OnDemandEnabled</key>
<integer>0</integer>
<key>XAuthPassword</key>
<string>password</string>
<key>AuthenticationMethod</key>
<string>None</string>
<key>LocalIdentifier</key>
<string>outside-psk-full</string>
<key>PromptForVPNPIN</key>
<false/>
</dict>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>0</integer>
</dict>
<key>Proxies</key>
<dict/>
<key>UserDefinedName</key>
<string>outside-asa-ipsec-full</string>
<key>VPN</key>
<dict>
<key>RemoteAddress</key>
<string>10.0.1.42</string>
<key>DisconnectOnIdle</key>
<integer>0</integer>
<key>AuthName</key>
<string>username</string>
<key>AuthPassword</key>
<string></string>
<key>AuthenticationMethod</key>
<string>password</string>
</dict>
<key>VPNType</key>
<string>VPN</string>
<key>VendorConfig</key>
<dict>
<key>Group</key>
<string></string>
</dict>
<key>VPNSubType</key>
<string>com.cisco.anyconnect.applevpn.plugin</string>
<key>VPNUUID</key>
<string>beb2dc33-280d-48ce-a2f6-9e164cccc18a</string>
<key>OnDemandMatchAppEnabled</key>
<false/>
<key>PayloadIdentifier</key>
<string>com.example.myvpnmanagedapplayerpayload</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed.applayer</string>
<key>PayloadUUID</key>
<string>6A0806DD-6BA7-41A0-A612-FDE7D4B6959D</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>AppLayerVPNMapping</key>
<array>
<dict>
<key>VPNUUID</key>
<string>beb2dc33-280d-48ce-a2f6-9e164cccc18a</string>
<key>Identifier</key>
<string>come.example.firefox</string>
<key>DesignatedRequirement</key>
<string>anchor apple generic and certificate leaf[field.9.8.765.432109.876.5.4.3] /* exists */ or anchor apple generic and certificate 1[field.9.8.765.432109.876.5.4.3] /* exists */ and certificate leaf[field.9.8.765.432109.876.5.4.3] /* exists */ and certificate leaf[subject.OU] = "ABCDE12345"</string>
<key>SigningIdentifier</key>
<string>ABCDE12345</string>
</dict>
</array>
<key>PayloadIdentifier</key>
<string>com.example.myapplayvpnmappingpayload</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed.appmapping</string>
<key>PayloadUUID</key>
<string>3B9E6DC0-1644-4CD1-908B-C970F7213F2D</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>App to App Layer VPN Mapping</string>
<key>PayloadIdentifier</key>
<string>com.example.myprofile</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>6E65044E-AEDC-4671-ACF4-80042CD53B2D</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>