Sites are logical groups of servers that host Microsoft Tunnel. That configuration is applied to each server that joins the Site.
Server configuration: Use the drop-down to select a server configuration to associate with this Site.
Every five minutes, each server that's assigned to this site will attempt to access the URL to confirm that it can access your internal network. Servers report the status of this check as Internal network accessibility on the server's Health check tab.
Automatically upgrade servers at this site: If Yes, servers upgrade automatically when an upgrade is available. If No, upgrade is manual and an administrator must approve an upgrade before it can start. For more information, see Upgrade Microsoft Tunnel.
Limit server upgrades to maintenance window: If Yes, server upgrades for this site can only start between the start time and end time specified. There must be at least an hour between the start time and end time. When set to No, there's no maintenance window and upgrades start as soon as possible depending on how Automatically upgrade servers at this site is configured.
Before installing Microsoft Tunnel Gateway on a Linux server, configure your tenant with at least one Server configuration, and then create a Site. Download the tool directly by using a web browser. Use a Linux command to get the readiness tool directly. To start the server installation, run the script as root. The script always installs the most recent version of Microsoft Tunnel.
For the U. If you stop the installation and script, you can restart it by running the command line again. Installation continues from where you left off. When you start the script, it downloads the Microsoft Tunnel Gateway container images from the Intune service, and creates the necessary folders and files on the server. The script displays the correct location to use on the Linux server.
The TLS certificate secures the connection between the devices that use the tunnel and the Tunnel Gateway endpoint. The private key will remain available on the machine where you create the certificate signing request for the TLS certificate. This file must be exported with a name of site.
Install the TLS certificate and private key. Use the following guidance that matches your file format: The full chain (root, intermediate, end-entity) must be in a single file named site.
If you're using a certificate issued by a public provider like Digicert, you have the option of downloading the complete chain as a single. The private key file name must be site. The user account must have either the Intune Administrator or Global Administrator role assigned.
The account you use to complete the authentication must have an Intune license. The credentials of this account aren't saved and are only used for initial sign-in to Azure Active Directory. After Microsoft Tunnel Gateway registers with Intune, the script gets information about your Sites and Server configurations from Intune. The script presents you with a list of your available sites.
Intune may support more settings than the settings listed in this article. To see the settings you can configure, create a device configuration profile, and select Settings Catalog. For more information, see Settings catalog. This article describes some of the settings and features you can configure when creating virtual private networks (VPNs).
These VPN settings are used in device configuration profiles, and then pushed or deployed to devices.
As part of your mobile device management (MDM) solution, use these settings to allow or disable features, including using a specific VPN vendor, enabling always on, using DNS, adding a proxy, and more.
The available settings depend on the VPN client you choose. Some settings are only available for specific VPN clients.
Connection name: Enter a name for this connection. End users see this name when they browse their device for the list of available VPN connections.
Servers: Add one or more VPN servers that devices connect to. When you add a server, you enter the following information: Select Disable to not dynamically register the IP addresses.
Connection type: Select the VPN connection type from the following list of vendors:
Authentication method: Select how you want users to authenticate to the VPN server. Your options:
Username and password: Require users to enter their domain username and password to authenticate, such as user contoso.
Certificates: Select an existing user client certificate profile to authenticate the user. To create certificate profiles in Intune, see Use certificates for authentication.
Derived credential: Use a certificate that's derived from a user's smart card. If no derived credential issuer is configured, Intune prompts you to add one. For more information, see Use derived credentials in Intune.
Machine certificates (IKEv2 only): Select an existing device client certificate profile to authenticate the device. If you use device tunnel connections, you must select this option.
Remember credentials at each logon: Choose to cache the authentication credentials. For more information, see EAP configuration. These settings must match the VPN server settings.