Microsoft Intune 中 iOS 裝置的 VPN 設定VPN settings for iOS devices in Microsoft Intune

適用對象:Azure 入口網站的 IntuneApplies to: Intune in the Azure portal
您需要傳統入口網站的 Intune 相關文件嗎?Looking for documentation about Intune in the classic portal? 請移至這裡Go here.

下列清單中的值並非全部都能設定,須取決於您選擇的設定。Depending on the settings you choose, not all values in the following list are configurable.

基本 VPN 設定Base VPN settings

連線名稱 - 輸入此連線的名稱。Connection name - Enter a name for this connection. 終端使用者瀏覽其裝置尋找可用 VPN 連線的清單時,使用者會看到此名稱。End users see this name when they browse their device for the list of available VPN connections.

  • IP 位或 FQDN - 提供裝置所連線之 VPN 伺服器的 IP 位址或完整網域名稱。IP address or FQDN - Provide the IP address or fully qualified domain name of the VPN server that devices connect to. 範例:192.168.1.1vpn.contoso.comExamples: 192.168.1.1, vpn.contoso.com.
  • 驗證方法 - 從下列方式中選擇裝置對 VPN 伺服器的驗證方式︰Authentication method - Choose how devices authenticate to the VPN server from:
    • 憑證 - 從 [驗證憑證] 下選擇先前建立用於驗證連線的 SCEP 或 PKCS 憑證設定檔。Certificates - Under Authentication certificate, Choose a SCEP or PKCS certificate profile you previously created to authenticate the connection. 如需憑證設定檔的詳細資訊,請參閱如何設定憑證For more information about certificate profiles, see How to configure certificates.
    • 使用者名稱與密碼 - 使用者必須提供使用者名稱及密碼才能登入 VPN 伺服器。Username and password - End users must supply a username and password to log in to the VPN server.
  • 連線類型 - 從下列廠商清單中選取 VPN 連線類型︰Connection type - Select the VPN connection type from the following list of vendors:
    • Check Point Capsule VPNCheck Point Capsule VPN
    • Cisco AnyConnectCisco AnyConnect
    • Dell SonicWALL Mobile ConnectDell SonicWALL Mobile Connect
    • F5 Edge ClientF5 Edge Client
    • Pulse SecurePulse Secure
    • Cisco (IPSec)Cisco (IPSec)
    • CitrixCitrix
    • 自訂 VPNCustom VPN
  • 分割通道 - 啟用停用此選項可讓裝置依據流量決定所要使用的連線。Split tunneling - Enable or Disable this option, which lets devices decide which connection to use depending on the traffic. 例如,旅館中的使用者使用 VPN 連線存取工作檔案,但使用旅館的標準網路進行一般的網頁瀏覽。For example, a user in a hotel uses the VPN connection to access work files, but use the hotel's standard network for regular web browsing.

自訂 VPN 設定Custom VPN settings

若選取 [自訂 VPN] 作為連線類型,請進一步設定如下︰If you selected Custom VPN as the connection type, configure these further settings:

  • VPN 識別碼:這是您 VPN 提供者提供您使用之 VPN 應用程式的識別碼。VPN identifier This is an identifier for the VPN app you are using, and is supplied by your VPN provider.
  • 為自訂 VPN 屬性輸入索引鍵/值組:您可以新增或匯入索引鍵來自訂您的 VPN 連線。Enter key and value pairs for the custom VPN attributes Add or import Keys and Values that customize your VPN connection. 同樣地,這些值通常由 VPN 提供者提供。Again, these values are typically supplied by your VPN provider.

應用程式 (個別應用程式 VPN) 設定Apps (per-app VPN) settings

  • 個別應用程式 VPN - 如果希望從 Safari 瀏覽器連入 URL 時能夠使用 VPN 連線,可啟用此選項。Per-app VPN - Enable this option if you want to URLs that enable the VPN connection when they are visited from the Safari browser. 若要如此設定,必須選取憑證作為基本 VPN 設定中的驗證方法。To configure this, you must have selected Certificates as the authentication method in the base VPN settings.
  • 使用 Safari 瀏覽器時啟用的 VPN 連線 URL - 按一下 [新增],以新增一或多個網站 URL。URLs that enable the VPN connection while using the Safari browser - Click add to add one or more web site URLs. 前往這些 URL 時,會啟用 VPN 連線。When these URLs are visited, the VPN connection is enabled.

  • 依需求指定的規則 - 這可讓您設定條件式規則,控制初始化 VPN 連線的時機。On-demand rules - This lets you configure conditional rules that control when the VPN connection is initiated. 例如,您可以建立條件,在裝置未連線到您公司任何一個 Wi-Fi 網路時才使用 VPN 連線。For example, you could create a condition where the VPN connection is only used when a device is not connected to one of your company Wi-Fi networks. 您也可以建立條件,在裝置無法存取您指定的 DNS 搜尋網域時不啟動 VPN 連線。Alternatively, you could create a condition where, if a device cannot access a DNS search domain you specify, then the VPN connection is not initiated.

    • SSID 或 DNS 搜尋網域 - 選取此條件要使用無線網路 SSID 還是 DNS 搜尋網域SSIDs or DNS search domains - Select whether this condition uses wireless network SSIDs, or DNS search domains. 選擇 [新增] 設定一或多個 SSID 或搜尋網域。Choose Add to configure one or more SSIDs or search domains.
    • URL 字串探查 - (非必要) 提供規則用於測試的 URL。URL string probe - Optionally, provide a URL that the rule uses as a test. 如果此設定檔的安裝裝置無須重新導向就能存取此 URL,便會起始 VPN 連線讓裝置連線到目標 URL。If the device on which this profile is installed is able to access this URL without redirection, the VPN connection is initiated and the device connects to the target URL. 使用者將不會看到 URL 字串探查網站。The user will not see the URL string probe site. URL 字串探查的範例,是會在連線 VPN 之前先檢查裝置相容性的稽核網頁伺服器位址。An example of a URL string probe is the address of an auditing Web server that checks device compliance before connecting the VPN. 另一種可能,是 URL 會先測試 VPN 連線到網站的能力,再將裝置透過 VPN 連線到目標 URL。Another possibility is that the URL tests the ability of the VPN to connect to a site before connecting the device to the target URL through the VPN.
    • 網域動作 - 請選擇下列其中一個項目︰Domain action - Choose one of the following items:
      • 連線 (若需要) -Connect if needed -
      • 一律不連線 -Never connect -
    • 動作 - 請選擇下列其中一個項目︰Action - Choose one of the following items:
      • 連線 -Connect -
      • 評估連線 -Evaluate connection -
      • 忽略 -Ignore -
      • 中斷連線 -Disconnect -

Proxy 設定Proxy settings

  • 自動設定指令碼 - 使用檔案設定 Proxy 伺服器。Automatic configuration script - Use a file to configure the proxy server. 輸入包含設定檔的 Proxy 伺服器 URL (例如http://proxy.contoso.com)。Enter the Proxy server URL (for example http://proxy.contoso.com) which contains the configuration file.
  • 位址 - 輸入 proxy 伺服器位址 (例如 IP 位址)。Address - Enter the proxy server address (as an IP address).
  • 連接埠號碼 - 輸入與 Proxy 伺服器相關聯的連接埠號碼。Port number - Enter the port number associated with the proxy server.