AirWatch supports configuring device VPN settings so end users can remotely and securely access your organizations internal network. The VPN profile provides detailed VPN settings control including specific VPN provider settings and Per-App VPN access.

AirWatch supports specific VPN connection types for various third-party VPN providers, including:

  • IKEv2
  • Juniper Pulse
  • L2TP
  • Sonic Wall Mobile Connect
  • PPTP
  • Automatic
  • Check Point Mobile
  • VMware Tunnel
  • F5 Edge Client

Per-app VPN

Per-app VPN lets you to configure VPN traffic rules based on specific applications. When configured, the VPN connects automatically when a specified app starts and sends the application traffic through the VPN connection but not traffic from other applications. With this flexibility, you can ensure that your data remains secure while not limiting device access to the Internet at large.

Watch a tutorial video explaining how to configure the Windows VPN profile for Per-app VPN:

Each rule group under the Per-App VPN Rules section uses the logical OR operator. So if traffic matches any of the set policies, it is allowed through the VPN.


The applications for which Per-app VPN traffic rules apply can be legacy Windows applications such as EXE files or modern apps downloaded from the Windows Store. By designating specific applications to start and use the VPN connection, only the traffic from those apps uses the VPN and not all device traffic. This logic allows you to keep corporate data secure while reducing the bandwidth sent through your VPN.

To help you reduce VPN constraint, you can set DNS routing rules for the Per-app VPN connection. These routing rules limit traffic sent through the VPN to only that traffic that matches the rules. The logic rules use the AND operator so if you set an IP Address, Port, and IP Protocol, the traffic much match EACH of these filters to pass through the VPN.

Per-app VPN allows you to create granular, detailed control over your VPN connections on an app by app basis.