Tunnel proxy deployment secures the network traffic between an end user device and a Website through the VMware Browser mobile application.


  1. In the admin UI Configure Manually section, click Select.
  2. In the General Settings > Edge Service Settings line, click Show.
  3. Click VMware Tunnel Settings gearbox icon.
  4. Change NO to YES to enable tunnel proxy.
  5. Configure the following edge service settings resources.



    API Server URL

    Enter the AirWatch API server URL. For example, enter as https://example.com:<port>.

    API Server User Name

    Enter the user name to log in to the API server.

    API Server Password

    Enter the password to log in to the API server.

    Organization Group ID

    Enter the organization of the user.

    Tunnel Server Hostname

    Enter the VMware Tunnel external hostname configured in the AirWatch administrator console.

  6. To configure other advanced settings, click More.



    Outbound Proxy Host

    Enter the host name where the outbound proxy is installed.


    This is not the Tunnel Proxy.

    Outbound Proxy Port

    Enter the port number of the outbound proxy.

    Outbound Proxy User Name

    Enter the user name to log in to the outbound proxy.

    Outbound Proxy Password

    Enter the password to log in to the outbound proxy.

    NTLM Authentication

    Change NO to YES to specify that the outbound proxy request requires NTLM authentication.

    Use for VMware Tunnel Proxy

    Change NO to YES to use this proxy as an outbound proxy for VMware Tunnel. If not enabled, Unified Access Gateway uses this proxy for the initial API call to get the configuration from the AirWatch admin console.

    Host Entries

    Enter a comma separated list of host entries to be added in /etc/hosts file. Each entry includes an IP, a hostname, and an optional hostname alias in that order, separated by a space. For example, example1.com, example2.com example-alias

    TLS SNI Rules

    This field displays only if TLS port 443 sharing is enabled during deployment. Specify the externalHostName:port that will be used for the service, for example "aw.uag.myco.com:8443" for Tunnel settings.

    Trusted Certificates

    Select the trusted certificate files to be added to the trust store.

  7. Click Save.

    For more information on deploying Unified Access Gateway with AirWatch, see the VMware Tunnel documentation https://my.air-watch.com/help/9.1/en/Content/Expert_Guides/EI/AW_Tunnel/C/Tunnel_Introduction.htm .