Tunnel deployment secures the network traffic between an end user device and a website through the Workspace ONE Web mobile application.

Procedure

  1. In the Unified Access Gateway admin UI, navigate to the Configure Manually section and click Select.
  2. In General Settings > Edge Service Settings, click Show.
  3. Click the Tunnel Settings gearbox icon.
  4. To enable Tunnel Settings, turn on the Enable or disable Tunnel Settings toggle.
  5. Configure the following edge service settings resources.
    | Option | Description |
    | --- | --- |
    | API Server URL | Enter the Workspace ONE UEM API server URL. For example, enter as https://example.com:<port>. |
    | API Server User Name | Enter the user name to log in to the API server. |
    | API Server Password | Enter the password to log in to the API server. |
    | Organization Group ID | (Optional) Enter the organization group ID in which this Tunnel configuration is configured. This field is not required if the Workspace ONE UEM console supports multi-tunnel configuration feature. |
    | Tunnel Configuration ID | (Optional) Enter the tunnel configuration ID. VMware Tunnel Configuration ID configured in the Workspace ONE UEM Console. This field is supported only if the UEM console supports multi-tunnel configuration feature. When this field is blank, the default configuration from the specified organization group is fetched. |
    | Tunnel Server Hostname | Enter the VMware Tunnel external hostname configured in the Workspace ONE UEM console. |
  6. To configure other advanced settings, click More.
    | Option | Description |
    | --- | --- |
    | Lock Configuration | Turn on this toggle to prevent configuration auto updates from being made from the Workspace ONE UEM Console. Changes to custom configurations, authentication, certificates, and networking are locked on Unified Access Gateway. When you turn off this toggle, all the configuration auto updates are made through the Workspace ONE UEM Console UI. Note: To apply changes to custom configurations, authentication, certificates, and networking, ensure that you re-save the Tunnel service. |
    | Outbound Proxy Host | Enter the host name where the outbound proxy is installed. Unified Access Gateway makes a connection to API Server through an outbound proxy if configured. |
    | Outbound Proxy Port | Enter the port number of the outbound proxy. |
    | Outbound Proxy User Name | Enter the user name to log in to the outbound proxy. |
    | Outbound Proxy Password | Enter the password to log in to the outbound proxy. |
    | NTLM authentication | Turn on this toggle to specify that the outbound proxy request requires NTLM authentication. |
    | Host Entries | Enter the details to be added in the /etc/hosts file. Each entry should include an IP, a hostname, and an optional hostname alias in that order, separated by a space. For example, 10.192.168.1 example1.com, 10.192.168.2 example2.com example-alias. Click the '+' sign to add multiple host entries. Important: The host entries are saved only after you click Save. |
    | Trusted Certificates | To select a certificate in PEM format and add it to the trust store, click +. To provide a different name, edit the alias text box. By default, the alias name is the filename of the PEM certificate. To remove a certificate from the trust store, click -. |
  7. Click Save.
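
The Host Entries field in step 6 feeds /etc/hosts on the appliance, so a malformed or conflicting entry changes which address a listed name resolves to. The following is an added example, not VMware code: the function name check_host_entries and the rule that one name must not map to two different IPs are assumptions, and it checks entries against the "IP hostname [alias]" format described above before they are typed into the admin UI.

```python
import ipaddress
import re

# RFC 1123 hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _valid_hostname(name):
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(_LABEL.match(l) for l in name.split("."))


def check_host_entries(entries):
    """Return a list of (entry, problem) tuples; an empty list means all entries pass."""
    problems = []
    seen = {}  # lowercase name -> IP it was first mapped to
    for entry in entries:
        fields = entry.split()
        if len(fields) not in (2, 3):
            problems.append((entry, "expected: IP hostname [alias]"))
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append((entry, f"invalid IP address {ip!r}"))
            continue
        for name in names:
            if not _valid_hostname(name):
                problems.append((entry, f"invalid hostname {name!r}"))
                continue
            key = name.lower()
            # Assumed policy: the same name must not point at two different IPs.
            if key in seen and seen[key] != ip:
                problems.append((entry, f"{name!r} already mapped to {seen[key]}"))
            seen.setdefault(key, ip)
    return problems


if __name__ == "__main__":
    # Constructed sample input; the first two entries are the examples from step 6.
    sample = [
        "10.192.168.1 example1.com",
        "10.192.168.2 example2.com example-alias",
        "example3.com 10.192.168.3",   # fields in the wrong order
        "10.192.168.4 example1.com",   # conflicts with the first entry
        "10.192.300.5 example5.com",   # octet out of range
    ]
    for entry, problem in check_host_entries(sample):
        print(f"{entry!r}: {problem}")
```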