Hi Philip,

the second one doesn't solve the problem and the first one too. I need to embed a certificate to the VPN Settings in Meraki as an authentication method. See here https://www.paloaltonetworks.com/documentation/50/globalprotect/globalprotect-app-new-features/new-f...

I created new Profile now and suddenly have got more Connection Types ( not only L2TP ). I will try it out with IPSec and post here if i've had any luck.

Well i tried IPSec and IKEv2 connection types but still no success. The problem is that iOS 12 doesn't allow anymore direct access to the phone certificates from another apps ( like Global Protect in my case ). Is there any update for Meraki Systems Manager planned  to fix this issue ?

If that is the case then the Meraki Systems Manager may also face the same restriction.

 

It sounds like you need a new solution from Global Protect given the new iOS restrictions.

 

Perhaps use an MFA like Duo instead?

Global Protect has already have new solution -> read the article carefully https://www.paloaltonetworks.com/documentation/50/globalprotect/globalprotect-app-new-features/new-f...

I think the problem in Meraki is the third step from the article

• 3. When the Identifier field appears, enter the following bundle ID to identify the new GlobalProtect app:
  com.paloaltonetworks.globalprotect.vpn

I do not have any Identifier field within the IPSec connection type. So i guess the VPN Config can not locate the GP App. Another thing: i get a second VPN Config from VPN on the iOS Device, so i can either use the GP or the one from Meraki, but both do not work.

 

That does not look good - it looks like these changes to IOS 12 are going to require a bunch of new development effort, on multiple fronts.  This iOS 12 change is going to break a lot of things.

 

I would not personally expect support for these new restrictions any time soon.  I think you would be better off not allowing the upgrade to IOS 12.  The loss of security capability is probably worse than any other new functionality.