pfm_description Use this section to define settings for VPN access. pfm_title VPN pfm_format_version 1 pfm_version 1 pfm_domain com.apple.vpn.managed pfm_subkeys pfm_name PayloadDescription pfm_title Payload Description pfm_description Description of the payload pfm_type string pfm_default Configures VPN settings pfm_name PayloadDisplayName pfm_title Payload Display Name pfm_description Name of the payload pfm_type string pfm_default VPN pfm_require always pfm_name PayloadIdentifier pfm_title Payload Identifier pfm_description A unique identifier for the payload, dot-delimited. Usually root PayloadIdentifier+subidentifier pfm_type string pfm_default com.apple.vpn.managed pfm_require always pfm_name PayloadType pfm_title Payload Type pfm_description The type of the payload, a reverse dns string pfm_type string pfm_default com.apple.vpn.managed pfm_require always pfm_name PayloadUUID pfm_title Payload UUID pfm_description Unique identifier for the payload (format 01234567-89AB-CDEF-0123-456789ABCDEF) pfm_type string pfm_default pfm_require always pfm_format ^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$ pfm_name PayloadVersion pfm_title Payload Version pfm_description The version of the whole configuration profile. pfm_type integer pfm_default 1 pfm_require always pfm_name PayloadOrganization pfm_title Payload Organization pfm_description This value describes the issuing organization of the profile, as displayed to the user pfm_type string pfm_name UserDefinedName pfm_title User Defined Name pfm_description Description of the VPN connection displayed on the device pfm_require always pfm_type string pfm_name VPNType pfm_title Type pfm_description Determines the settings available for this VPN payload pfm_type string pfm_default L2TP pfm_require always pfm_range_list L2TP PPTP IPSec VPN IKEv2 AlwaysOn pfm_name VPNSubType pfm_title VPN Subtype pfm_description If VPNType is "VPN" this field will be an identifier for a vendor specified configuration dictionary pfm_type string pfm_conditionals pfm_require always pfm_target_conditions pfm_target VPNType pfm_range_list VPN pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list VPN pfm_name VendorConfig pfm_title Vendor Configuration Dictionary pfm_description A vendor specific configuration dictionary pfm_type dictionary pfm_default pfm_subkeys pfm_name Realm pfm_title Realm pfm_description Realm to connect to on the server pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target VPNSubType pfm_present pfm_range_list net.juniper.sslvpn net.pulsesecure.pulsesecure pfm_name Role pfm_title Role pfm_description Role to select when connecting to the server. Valid only for Juniper SSL pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target VPNSubType pfm_present pfm_range_list net.juniper.sslvpn net.pulsesecure.pulsesecure pfm_exclude pfm_target_conditions pfm_target VPNSubType pfm_present pfm_n_range_list net.juniper.sslvpn net.pulsesecure.pulsesecure pfm_name Group pfm_title Group pfm_description Group to connect to on the head end. Valid only for Cisco AnyConnect pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target VPNSubType pfm_present pfm_range_list com.cisco.anyconnect com.cisco.anyconnect.applevpn.plugin pfm_name LoginGroupOrDomain pfm_title Login Group or Domain pfm_description Login Group or Domain pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target VPNSubType pfm_present pfm_range_list com.sonicwall.SonicWALL-SSLVPN.vpnplugin pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list VPN pfm_name Proxies pfm_title Proxies pfm_description Proxies pfm_type dictionary pfm_default HTTPEnable 0 HTTPSEnable 0 pfm_subkeys pfm_name HTTPEnable pfm_title Enable HTTP pfm_description pfm_type integer pfm_range_list 0 1 pfm_name HTTPPort pfm_title HTTP Port pfm_description pfm_type integer pfm_range_max 65535 pfm_range_min 0 pfm_conditionals pfm_require always pfm_target_conditions pfm_target Proxies.HTTPEnable pfm_contains_any 1 pfm_exclude pfm_target_conditions pfm_target Proxies.HTTPEnable pfm_n_range_list 1 pfm_name HTTPProxy pfm_title HTTP Proxy pfm_description Proxy URL pfm_type string pfm_exclude pfm_target_conditions pfm_target Proxies.HTTPEnable pfm_n_range_list 1 pfm_name HTTPProxyPassword pfm_title HTTP ProxyPassword pfm_description pfm_type string pfm_exclude pfm_target_conditions pfm_target Proxies.HTTPEnable pfm_n_range_list 1 pfm_name HTTPProxyUsername pfm_title HTTP ProxyUsername pfm_description pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target Proxies.HTTPEnable pfm_contains_any 1 pfm_exclude pfm_target_conditions pfm_target Proxies.HTTPEnable pfm_n_range_list 1 pfm_name HTTPSEnable pfm_title Enable HTTPS pfm_description pfm_type integer pfm_range_list 0 1 pfm_name HTTPSPort pfm_title HTTPS Port pfm_description pfm_type integer pfm_range_min 0 pfm_range_max 65535 pfm_conditionals pfm_require always pfm_target_conditions pfm_target Proxies.HTTPEnable pfm_contains_any 1 pfm_exclude pfm_target_conditions pfm_target Proxies.HTTPSEnable pfm_n_range_list 1 pfm_name HTTPSProxy pfm_title HTTPS Proxy pfm_description pfm_type string pfm_exclude pfm_target_conditions pfm_target Proxies.HTTPSEnable pfm_n_range_list 1 pfm_name ProxyAutoConfigEnable pfm_title Proxy AutoConfig Enable pfm_description pfm_type integer pfm_range_list 0 1 pfm_name ProxyAutoDiscoveryEnable pfm_title Proxy Auto Discovery Enable pfm_description pfm_type integer pfm_default 1 pfm_range_list 0 1 pfm_exclude pfm_target_conditions pfm_target Proxies.ProxyAutoConfigEnable pfm_n_range_list 1 pfm_target Proxies.ProxyAutoConfigURLString pfm_present pfm_name ProxyAutoConfigURLString pfm_title Proxy Server URL pfm_description pfm_type string pfm_exclude pfm_target_conditions pfm_target Proxies.ProxyAutoConfigEnable pfm_n_range_list 1 pfm_name VPN pfm_title VPN pfm_description VPN Settings pfm_type dictionary pfm_default AuthenticationMethod Password pfm_subkeys pfm_name AuthName pfm_title Account Username pfm_description The VPN account username pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target VPNType pfm_range_list VPN pfm_name AuthPassword pfm_title Account Password pfm_description The VPN user password pfm_type string pfm_name AuthenticationMethod pfm_title Authentication Method pfm_description Authentication method. Either shared secret or certificate pfm_type string pfm_conditionals pfm_require always pfm_target_conditions pfm_target VPNType pfm_range_list VPN pfm_range_list Password Certificate Password+Certificate pfm_name PayloadCertificateUUID pfm_title Certificate UUID pfm_description The UUID of the certificate to use for account credentials pfm_type string pfm_name OnDemandEnabled pfm_title Enable VPN On Demand pfm_description Enable VPN On Demand pfm_type integer pfm_range_list 0 1 pfm_name OnDemandMatchDomainsAlways pfm_title On Demand Match Domains Always pfm_description pfm_type array pfm_subkeys pfm_name MatchDomainAlwaysElement pfm_title Match Domain Always Element pfm_description Match domain or host pfm_type string pfm_name OnDemandMatchDomainsNever pfm_title On Demand Match Domains Never pfm_description pfm_type array pfm_subkeys pfm_name MatchDomainNeverElement pfm_title Match Domain Never Element pfm_description Match domain or host pfm_type string pfm_name OnDemandMatchDomainsOnRetry pfm_title On Demand Match Domains On Retry pfm_description pfm_type array pfm_subkeys pfm_name MatchDomainOnRetryElement pfm_title Match Domain On Retry Element pfm_description Match domain or host pfm_type string pfm_name OnDemandRules pfm_title On Demand Rules pfm_description An array of dictionaries defining On Demand Rules pfm_type array pfm_subkeys pfm_name OnDemandRulesElement pfm_title On Demand Rules Element pfm_description An On Demand rule pfm_type dictionary pfm_subkeys pfm_name DNSDomainMatch pfm_title DNS Domain Match pfm_description An array of DNS addresses pfm_type array pfm_subkeys pfm_name DNSDomainMatchElement pfm_title DNS Domain Match Element pfm_description A DNS address. May include wildcards pfm_type string pfm_name DNSServerAddressMatch pfm_title DNS Server Address Match pfm_description An array of DNS Server Addresses pfm_type array pfm_subkeys pfm_name DNSServerAddressMatchElement pfm_title DNS Server Address Match Element pfm_description A DNS server address. May include wildcards pfm_type string pfm_name URLStringProbe pfm_title URL String Probe pfm_description A test URL pfm_type string pfm_name Action pfm_title On Demand Action pfm_description On Demand Action pfm_type string pfm_range_list Allow Ignore Connect Disconnect pfm_name DisconnectOnIdle pfm_title Enable Disconnect on Idle pfm_description Disconnect after an on demand connection idles pfm_type integer pfm_range_list 0 1 pfm_name DisconnectOnIdleTimer pfm_title Disconnect on Idle time pfm_description Length of time to wait before disconnecting an on demand connection pfm_type integer pfm_exclude pfm_target_conditions pfm_target VPN.DisconnectOnIdle pfm_n_range_list 1 pfm_name RemoteAddress pfm_title Server pfm_description Hostname or IP address for server pfm_type string pfm_conditionals pfm_require always pfm_target_conditions pfm_target VPNType pfm_range_list VPN pfm_name IncludeAllNetworks pfm_title Send All Traffic pfm_description Sends all traffic over VPN pfm_type integer pfm_name ExcludeLocalNetworks pfm_title Exclude Local Networks pfm_description When Sending All Traffic over VPN, exclude traffic going to the local network pfm_type integer pfm_conditionals pfm_target_conditions pfm_target VPN.IncludeAllNetworks pfm_range_list 1 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list VPN pfm_name PPP pfm_title PPP pfm_description PPP Settings pfm_type dictionary pfm_default pfm_subkeys pfm_name AuthName pfm_title Account Username pfm_description The VPN account username pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target VPNType pfm_range_list PPTP L2TP pfm_name AuthPassword pfm_title Account Password pfm_description The VPN user password pfm_type string pfm_name TokenCard pfm_title Use Token Card pfm_description Use a token card such as an RSA SecurID card for connecting pfm_type boolean pfm_name CommRemoteAddress pfm_title Remote Address pfm_description IP address or hostname of VPN server pfm_type string pfm_conditionals pfm_require always pfm_target_conditions pfm_target VPNType pfm_range_list PPTP L2TP pfm_name AuthEAPPlugins pfm_title EAP Plugins pfm_description Only present if RSA SecurID is being used, in which case it has one string entry: EAP-RSA pfm_type array pfm_subkeys pfm_name EAPPluginElement pfm_title EAP Plugin pfm_description String inside EAP Plugins array. If present, must be "EAP-RSA" pfm_type string pfm_repetition_max 1 pfm_repetition_min 1 pfm_range_list EAP-RSA EAP-TLS EAP-KRB pfm_name AuthProtocol pfm_title Protocol pfm_description Only present if RSA SecurID is being used, in which case it has one string entry: EAP pfm_type array pfm_subkeys pfm_name AuthProtocolElement pfm_title Auth Protocol pfm_description String inside Auth Protocol array. If present, must be "EAP" pfm_type string pfm_repetition_max 1 pfm_repetition_min 1 pfm_range_list EAP pfm_name CCPMPPE40Enabled pfm_title Enable CCPMPPE40 pfm_description Enables encryption on the connection. If this key and CCPEnabled are true, represents maximum encryption level pfm_type integer pfm_range_list 0 1 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list PPTP pfm_name CCPMPPE128Enabled pfm_title Enable CCPMPPE128 pfm_description Enables encryption on the connection. If this key and CCPEnabled are true, represents automatic encryption level pfm_type integer pfm_range_list 0 1 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list PPTP pfm_name CCPEnabled pfm_title Enable CCP pfm_description Enables encryption on the connection. If this key and CCPMPPE40Enabled are true, represents automatic encryption level; if this key and CCPMPPE128Enabled are true, represents maximum encryption level. If no encryption is used, then none of the CCP keys are true. pfm_type integer pfm_range_list 0 1 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list PPTP pfm_name DisconnectOnIdle pfm_title Enable Disconnect on Idle pfm_description Disconnect after an on demand connection idles pfm_type integer pfm_range_list 0 1 pfm_name DisconnectOnIdleTimer pfm_title Disconnect on Idle time pfm_description Length of time to wait before disconnecting an on demand connection pfm_type integer pfm_exclude pfm_target_conditions pfm_target PPP.DisconnectOnIdle pfm_n_range_list 1 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list PPTP L2TP IKEv2 AlwaysOn pfm_name IPSec pfm_title IPSec Settings pfm_description Dictionary containing IPSec settings pfm_type dictionary pfm_default AuthenticationMethod SharedSecret LocalIdentifierType KeyID pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec L2TP pfm_subkeys pfm_name RemoteAddress pfm_title Remote Address pfm_description IP address or hostname of the VPN server pfm_type string pfm_conditionals pfm_require always pfm_target_conditions pfm_target VPNType pfm_range_list IPSec pfm_name AuthenticationMethod pfm_title Authentication Method pfm_description Authentication method. Either shared secret or certificate pfm_type string pfm_conditionals pfm_require always pfm_target_conditions pfm_target VPNType pfm_range_list L2TP IPSec pfm_range_list SharedSecret Certificate pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec L2TP pfm_name XAuthName pfm_title Username pfm_description Username for VPN account pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target VPNType pfm_range_list IPSec pfm_name XAuthPassword pfm_title Password pfm_description Password for VPN account pfm_type string pfm_conditionals pfm_require push pfm_target_conditions pfm_target VPNType pfm_range_list IPSec pfm_name XAuthEnabled pfm_title XAUTH Enabled pfm_description 1 if XAUTH is ON, 0 if XAUTH is OFF pfm_type integer pfm_range_list 0 1 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec pfm_name XAuthPasswordEncryption pfm_title XAUTH Password Encryption pfm_description String value is either "Prompt" or not present pfm_type string pfm_range_list Prompt pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec pfm_name LocalIdentifier pfm_title Local Identifier pfm_description The name of the group to use. If Hybrid Authentication is used, the string must end with "[hybrid]" pfm_type string pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec pfm_name LocalIdentifierType pfm_title Local Identifier Type pfm_description Present only if AuthenticationMethod = SharedSecret. Must be "KeyID" pfm_type string pfm_range_list KeyID pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec L2TP pfm_name SharedSecret pfm_title Shared Secret pfm_description The shared secret for this VPN account pfm_type data pfm_exclude pfm_target_conditions pfm_target IPSec.AuthenticationMethod pfm_n_range_list SharedSecret pfm_name PayloadCertificateUUID pfm_title Certificate UUID pfm_description The UUID of the certificate to use for account credentials pfm_type string pfm_exclude pfm_target_conditions pfm_target IPSec.AuthenticationMethod pfm_n_range_list Certificate pfm_name PromptForVPNPIN pfm_title Prompt for PIN pfm_description If set, user will be prompted for a PIN when connecting pfm_type boolean pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec pfm_name OnDemandEnabled pfm_title Enable VPN On Demand pfm_description Enable VPN On Demand pfm_type integer pfm_range_list 0 1 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec pfm_name OnDemandMatchDomainsAlways pfm_title On Demand Match Domains Always pfm_description pfm_type array pfm_subkeys pfm_name MatchDomainAlwaysElement pfm_title Match Domain Always Element pfm_description Match domain or host pfm_type string pfm_name OnDemandMatchDomainsNever pfm_title On Demand Match Domains Never pfm_description pfm_type array pfm_subkeys pfm_name MatchDomainNeverElement pfm_title Match Domain Never Element pfm_description Match domain or host pfm_type string pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IPSec pfm_name OnDemandMatchDomainsOnRetry pfm_title On Demand Match Domains On Retry pfm_description pfm_type array pfm_subkeys pfm_name MatchDomainOnRetryElement pfm_title Match Domain On Retry Element pfm_description Match domain or host pfm_type string pfm_name OnDemandRules pfm_title On Demand Rules pfm_description An array of dictionaries defining On Demand Rules pfm_type array pfm_subkeys pfm_name OnDemandRulesElement pfm_title On Demand Rules Element pfm_description An On Demand rule pfm_type dictionary pfm_subkeys pfm_name DNSDomainMatch pfm_title DNS Domain Match pfm_description An array of DNS addresses pfm_type array pfm_subkeys pfm_name DNSDomainMatchElement pfm_title DNS Domain Match Element pfm_description A DNS address. May include wildcards pfm_type string pfm_name DNSServerAddressMatch pfm_title DNS Server Address Match pfm_description An array of DNS Server Addresses pfm_type array pfm_subkeys pfm_name DNSServerAddressMatchElement pfm_title DNS Server Address Match Element pfm_description A DNS server address. May include wildcards pfm_type string pfm_name URLStringProbe pfm_title URL String Probe pfm_description A test URL pfm_type string pfm_name Action pfm_title On Demand Action pfm_description On Demand Action pfm_type string pfm_range_list Allow Ignore Connect Disconnect pfm_name DisconnectOnIdle pfm_title Enable Disconnect on Idle pfm_description Disconnect after an on demand connection idles pfm_type integer pfm_range_list 0 1 pfm_name DisconnectOnIdleTimer pfm_title Disconnect on Idle time pfm_description Length of time to wait before disconnecting an on demand connection pfm_type integer pfm_exclude pfm_target_conditions pfm_target IPSec.DisconnectOnIdle pfm_n_range_list 1 pfm_name EAP pfm_title EAP Settings pfm_description Dictionary containing EAP settings pfm_type dictionary pfm_subkeys pfm_name IPv4 pfm_title IPv4 Settings pfm_description Dictionary containing IPv4 settings pfm_type dictionary pfm_default OverridePrimary 0 pfm_subkeys pfm_name OverridePrimary pfm_title Override Primary Connection pfm_description If set, all network traffic is sent over the VPN interface pfm_type integer pfm_default 0 pfm_range_list 0 1 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list VPN L2TP PPTP pfm_name IKEv2 pfm_title IKEv2 pfm_description IKEv2 settings pfm_default ChildSecurityAssociationParameters LifeTimeInMinutes 1440 DiffieHellmanGroup 14 IntegrityAlgorithm SHA2-256 EncryptionAlgorithm AES-256 IKESecurityAssociationParameters LifeTimeInMinutes 1440 DiffieHellmanGroup 14 IntegrityAlgorithm SHA2-256 EncryptionAlgorithm AES-256 DisableRedirect 0 DisableMOBIKE 0 UseConfigurationAttributeInternalIPSubnet 0 EnablePFS 0 EnableCertificateRevocationCheck 0 EnableFallback 0 DeadPeerDetectionRate Medium AuthenticationMethod SharedSecret pfm_type dictionary pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IKEv2 pfm_subkeys pfm_name RemoteAddress pfm_title RemoteAddress pfm_description IP address or hostname of the VPN server pfm_type string pfm_require always pfm_name LocalIdentifier pfm_title LocalIdentifier pfm_description Identifier of the IKEv2 client pfm_type string pfm_require always pfm_name RemoteIdentifier pfm_title RemoteIdentifier pfm_description Remote Identifier of the IKEv2 client pfm_type string pfm_require always pfm_name AuthenticationMethod pfm_title AuthenticationMethod pfm_description AuthenticationMethod of the IKEv2 client pfm_type string pfm_require always pfm_name PayloadCertificateUUID pfm_title PayloadCertificateUUID pfm_description The UUID of the identity certificate as the account credential pfm_type string pfm_name SharedSecret pfm_title SharedSecret pfm_description Value for IKE authentication pfm_type string pfm_name ExtendedAuthEnabled pfm_title ExtendedAuthEnabled pfm_description Set to 1 to enable extended authentication (EAP) pfm_default 0 pfm_type integer pfm_name AuthName pfm_title AuthName pfm_description Username used for authentication pfm_type string pfm_name DisableRedirect pfm_title Disable Redirect pfm_description Set to 1 to disable IKEv2 redirect pfm_default 0 pfm_type integer pfm_name DisableMOBIKE pfm_title Disable Mobility and Multihoming pfm_description Set to 1 to disable MOBIKE negotiation in IKEv2 pfm_default 0 pfm_type integer pfm_name UseConfigurationAttributeInternalIPSubnet pfm_title Use IPv4 / IPv6 Internal Subnet Attributes pfm_description Set to 1 to indicate if negotiation should use IKEv2 Configuration Attribute INTERNAL_IP4_SUBNET and INTERNAL_IP6_SUBNET. pfm_default 0 pfm_type integer pfm_name EnablePFS pfm_title Enable perfect forward secrecy pfm_description Set to 1 to enable Perfect Forward Secrecy for IKEv2 connections pfm_default 0 pfm_type integer pfm_name EnableCertificateRevocationCheck pfm_title Enable certificate revocation check pfm_description Set to 1 to enable certificate revocation check for IKEv2 connections pfm_default 0 pfm_type integer pfm_name EnableFallback pfm_title Enable Wi-Fi Assist pfm_description Set to 1 to enable Wi-Fi assist for IKEv2 connections pfm_default 0 pfm_type integer pfm_name AuthPassword pfm_title AuthPassword pfm_description Password used for authentication pfm_type string pfm_name DeadPeerDetectionRate pfm_title Dead Peer Detection Rate pfm_description Dead peer detection rate; defaults to Medium pfm_type string pfm_name CertificateType pfm_title Certificate Type pfm_description Type of the certificate; defaults to RSA pfm_type string pfm_exclude pfm_target_conditions pfm_target IKEv2.AuthenticationMethod pfm_n_range_list Certificate pfm_name ServerCertificateIssuerCommonName pfm_title ServerCertificateIssuerCommonName pfm_description Common Name of the server certificate issuer pfm_type string pfm_name ServerCertificateCommonName pfm_title ServerCertificateCommonName pfm_description Common name of the server certificate pfm_type string pfm_name IKESecurityAssociationParameters pfm_title IKESecurityAssociationParameters pfm_description Applies to child Security Association pfm_type dictionary pfm_default EncryptionAlgorithm AES-256 IntegrityAlgorithm SHA2-256 DiffieHellmanGroup 14 LifeTimeInMinutes 1440 pfm_subkeys pfm_name EncryptionAlgorithm pfm_title EncryptionAlgorithm pfm_description EncryptionAlgorithm pfm_type string pfm_name IntegrityAlgorithm pfm_title IntegrityAlgorithm pfm_description IntegrityAlgorithm pfm_type string pfm_name DiffieHellmanGroup pfm_title DiffieHellmanGroup pfm_description DiffieHellmanGroup pfm_type integer pfm_name LifeTimeInMinutes pfm_title LifeTimeInMinutes pfm_description LifeTimeInMinutes pfm_type integer pfm_name ChildSecurityAssociationParameters pfm_title ChildSecurityAssociationParameters pfm_description Applies to child Security Association pfm_type dictionary pfm_default EncryptionAlgorithm AES-256 IntegrityAlgorithm SHA2-256 DiffieHellmanGroup 14 LifeTimeInMinutes 1440 pfm_subkeys pfm_name EncryptionAlgorithm pfm_title EncryptionAlgorithm pfm_description EncryptionAlgorithm pfm_type string pfm_name IntegrityAlgorithm pfm_title IntegrityAlgorithm pfm_description IntegrityAlgorithm pfm_type string pfm_name DiffieHellmanGroup pfm_title DiffieHellmanGroup pfm_description DiffieHellmanGroup pfm_type integer pfm_name LifeTimeInMinutes pfm_title LifeTimeInMinutes pfm_description LifeTimeInMinutes pfm_type integer pfm_name DisconnectOnIdle pfm_title Enable Disconnect on Idle pfm_description Disconnect after an on demand connection idles pfm_type integer pfm_range_list 0 1 pfm_name DisconnectOnIdleTimer pfm_title Disconnect on Idle time pfm_description Length of time to wait before disconnecting an on demand connection pfm_type integer pfm_exclude pfm_target_conditions pfm_target IKEv2.DisconnectOnIdle pfm_n_range_list 1 pfm_name AlwaysOn pfm_title AlwaysOn pfm_description Always On settings pfm_default ServiceExceptions AllowedCaptiveNetworkPlugins TunnelConfigurations AuthenticationMethod SharedSecret DeadPeerDetectionRate Medium DisableRedirect 0 DisableMOBIKE 0 UseConfigurationAttributeInternalIPSubnet 0 EnablePFS 0 EnableCertificateRevocationCheck 0 EnableFallback 0 NATKeepAliveOffloadEnable 1 NATKeepAliveInterval 110 IKESecurityAssociationParameters LifeTimeInMinutes 1440 DiffieHellmanGroup 14 IntegrityAlgorithm SHA2-256 EncryptionAlgorithm AES-256 ChildSecurityAssociationParameters LifeTimeInMinutes 1440 DiffieHellmanGroup 14 IntegrityAlgorithm SHA2-256 EncryptionAlgorithm AES-256 ProtocolType IKEv2 Interfaces Cellular AuthenticationMethod SharedSecret DeadPeerDetectionRate Medium DisableRedirect 0 DisableMOBIKE 0 UseConfigurationAttributeInternalIPSubnet 0 EnablePFS 0 EnableCertificateRevocationCheck 0 EnableFallback 0 NATKeepAliveOffloadEnable 1 NATKeepAliveInterval 20 IKESecurityAssociationParameters LifeTimeInMinutes 1440 DiffieHellmanGroup 14 IntegrityAlgorithm SHA2-256 EncryptionAlgorithm AES-256 ChildSecurityAssociationParameters LifeTimeInMinutes 1440 DiffieHellmanGroup 14 IntegrityAlgorithm SHA2-256 EncryptionAlgorithm AES-256 ProtocolType IKEv2 Interfaces WiFi pfm_type dictionary pfm_conditionals pfm_target_conditions pfm_target VPNType pfm_range_list IKEv2 pfm_subkeys pfm_name TunnelConfigurations pfm_title TunnelConfigurations pfm_description This array contains an arbitrary number of TunnelConfigurations pfm_type array pfm_require always pfm_subkeys pfm_name TunnelConfiguration pfm_title A TunnelConfiguration pfm_description An item in theTunnelConfigurations array describing an individual configuration pfm_type dictionary pfm_subkeys pfm_name RemoteAddress pfm_title RemoteAddress pfm_description IP address or hostname of the VPN server pfm_type string pfm_require always pfm_name LocalIdentifier pfm_title LocalIdentifier pfm_description Identifier of the IKEv2 client pfm_type string pfm_require always pfm_name RemoteIdentifier pfm_title RemoteIdentifier pfm_description Remote Identifier of the IKEv2 client pfm_type string pfm_require always pfm_name AuthenticationMethod pfm_title AuthenticationMethod pfm_description AuthenticationMethod of the IKEv2 client pfm_type string pfm_require always pfm_name PayloadCertificateUUID pfm_title PayloadCertificateUUID pfm_description The UUID of the identity certificate as the account credential pfm_type string pfm_name SharedSecret pfm_title SharedSecret pfm_description Value for IKE authentication pfm_type string pfm_name ExtendedAuthEnabled pfm_title ExtendedAuthEnabled pfm_description Set to 1 to enable extended authentication (EAP) pfm_default 0 pfm_type integer pfm_name DisableRedirect pfm_title Disable Redirect pfm_description Set to 1 to disable IKEv2 redirect pfm_default 0 pfm_type integer pfm_name DisableMOBIKE pfm_title Disable Mobility and Multihoming pfm_description Set to 1 to disable MOBIKE negotiation in IKEv2 pfm_default 0 pfm_type integer pfm_name UseConfigurationAttributeInternalIPSubnet pfm_title Use IPv4 / IPv6 Internal Subnet Attributes pfm_description Set to 1 to indicate if negotiation should use IKEv2 Configuration Attribute INTERNAL_IP4_SUBNET and INTERNAL_IP6_SUBNET. pfm_default 0 pfm_type integer pfm_name EnablePFS pfm_title Enable perfect forward secrecy pfm_description Set to 1 to enable Perfect Forward Secrecy for IKEv2 connections pfm_default 0 pfm_type integer pfm_name EnableCertificateRevocationCheck pfm_title Enable certificate revocation check pfm_description Set to 1 to enable certificate revocation check for IKEv2 connections pfm_default 0 pfm_type integer pfm_name EnableFallback pfm_title Enable Wi-Fi Assist pfm_description Set to 1 to enable Wi-Fi assist for IKEv2 connections pfm_default 0 pfm_type integer pfm_name NATKeepAliveOffloadEnable pfm_title Enable NAT keepalive while the device is asleep pfm_description Set to 1 to enable NAT Keepalive offload for Always-on VPN IKEv2 connections pfm_default 1 pfm_type integer pfm_name NATKeepAliveInterval pfm_title NAT Keepalive Interval pfm_description NAT Keepalive interval for Always-on VPN IKEv2 connections. This value controls the interval over which Keepalive offload packets are sent by the device. The minimum value is 20 seconds. If no key is specified, the default is 20 seconds over Wi-Fi and 110 seconds over Cellular interface. pfm_default 20 pfm_type integer pfm_name AuthName pfm_title AuthName pfm_description Username used for authentication pfm_type string pfm_name AuthPassword pfm_title AuthPassword pfm_description Password used for authentication pfm_type string pfm_name DeadPeerDetectionRate pfm_title Dead Peer Detection Rate pfm_description Dead peer detection rate; defaults to Medium pfm_default Low pfm_type string pfm_name ProtocolType pfm_title Protocol Type pfm_description In always-on, must be "IKEv2" pfm_default IKEv2 pfm_type string pfm_require always pfm_range_list IKEv2 pfm_name ServerCertificateIssuerCommonName pfm_title ServerCertificateIssuerCommonName pfm_description Common Name of the server certificate issuer pfm_type string pfm_conditionals pfm_require always pfm_target_conditions pfm_target IKEv2.AuthenticationMethod pfm_contains_any Certificate pfm_exclude pfm_target_conditions pfm_target AlwaysOn.TunnelConfigurations.[0].AuthenticationMethod pfm_n_range_list Certificate pfm_target AlwaysOn.TunnelConfigurations.[1].AuthenticationMethod pfm_n_range_list Certificate pfm_name ServerCertificateCommonName pfm_title ServerCertificateCommonName pfm_description Common Name of the server certificate pfm_type string pfm_exclude pfm_target_conditions pfm_target AlwaysOn.TunnelConfigurations.[0].AuthenticationMethod pfm_n_range_list Certificate pfm_target AlwaysOn.TunnelConfigurations.[1].AuthenticationMethod pfm_n_range_list Certificate pfm_name IKESecurityAssociationParameters pfm_title IKESecurityAssociationParameters pfm_description Applies to child Security Association pfm_type dictionary pfm_default EncryptionAlgorithm AES-256 IntegrityAlgorithm SHA2-256 DiffieHellmanGroup 14 LifeTimeInMinutes 1440 pfm_subkeys pfm_name EncryptionAlgorithm pfm_title EncryptionAlgorithm pfm_description EncryptionAlgorithm pfm_type string pfm_name IntegrityAlgorithm pfm_title IntegrityAlgorithm pfm_description IntegrityAlgorithm pfm_type string pfm_name DiffieHellmanGroup pfm_title DiffieHellmanGroup pfm_description DiffieHellmanGroup pfm_type integer pfm_name LifeTimeInMinutes pfm_title LifeTimeInMinutes pfm_description LifeTimeInMinutes pfm_type integer pfm_name ChildSecurityAssociationParameters pfm_title ChildSecurityAssociationParameters pfm_description Applies to child Security Association pfm_type dictionary pfm_default EncryptionAlgorithm AES-256 IntegrityAlgorithm SHA2-256 DiffieHellmanGroup 14 LifeTimeInMinutes 1440 pfm_subkeys pfm_name EncryptionAlgorithm pfm_title EncryptionAlgorithm pfm_description EncryptionAlgorithm pfm_type string pfm_name IntegrityAlgorithm pfm_title IntegrityAlgorithm pfm_description IntegrityAlgorithm pfm_type string pfm_name DiffieHellmanGroup pfm_title DiffieHellmanGroup pfm_description DiffieHellmanGroup pfm_type integer pfm_name LifeTimeInMinutes pfm_title LifeTimeInMinutes pfm_description LifeTimeInMinutes pfm_type integer pfm_name DNS pfm_type dictionary pfm_subkeys pfm_name ServerAddresses pfm_type array pfm_subkeys pfm_name ServerAddressesElement pfm_type string pfm_name SearchDomains pfm_type array pfm_subkeys pfm_name SearchDomainsElement pfm_type string pfm_name DomainName pfm_type string pfm_name SupplementalMatchDomainsNoSearch pfm_type integer pfm_name SupplementalMatchDomains pfm_type array pfm_subkeys pfm_name SupplementalMatchDomainsElement pfm_type string pfm_default SupplementalMatchDomainsNoSearch 0 pfm_exclude pfm_target_conditions pfm_target VPNType pfm_n_range_list IKEv2