The Network Traffic Rules settings page enables you to create traffic rules to control how the Per App Tunnel works on supported devices. The rules set on this page determine how the VMware Tunnel handles network traffic from configured Per App VPN mobile applications.

Traffic can be blocked from specified domains, tunneled through to your internal network, bypass your internal network, or directed to a proxy. For more information, see Network Traffic Rules for Per-App Tunnel.

Device Traffic Rules

Settings Descriptions
Default Action

Select the default action the VMware Tunnel app takes when the defined rules do not apply to the network traffic.

The default action is always applied last.

  • Tunnel – All apps on the device configured for Per App VPN send network traffic through the tunnel.
  • Block – Blocks all apps on the device configured for Per App VPN from sending network traffic.
  • Bypass – All apps on the device configured for Per App VPN bypass the tunnel and connect to the Internet directly.
Add Select Add to create a new rule.

Select the up or down arrows to rearrange the ranking of your network traffic rules. You can also select-and-drag the rule.

The up and down arrows only display when you have more than one rule created.


Select Add to add a triggering application for the network rule.

This drop-down menu is populated with applications with Per App VPN enabled.


Select the action from the drop-down menu that the VMware Tunnel app applies to all network traffic from the triggering app when the app launches.

  • Tunnel – Sends app network traffic through the tunnel to your internal network
  • Block – Blocks all traffic sent to specified domains.
  • Bypass – Bypasses the VMware Tunnel so the app attempts to access specified domains directly.
  • Proxy – Redirect traffic to specified HTTPS proxy for the listed domains. The proxy must be HTTPS and must be follow the correct format:
Destination Hostname

Enter the hostname applicable to the action set for the rule. For example, enter all the domains to block traffic from accessing using the Block action.

Server Traffic Rules

Settings Descriptions
Outbound Proxy
Add Select to add a third-party outbound proxy. You may add additional outbound proxies by selecting Add again.
Hostname Enter the proxy hostname.
Port Enter the port the third-party proxy uses to listen to the VMware Tunnel

Select the proxy authentication method used.

Selecting Basic or Ntlm displays the Credential text box.

Credentials Enter the Username and Password for proxy authentication.
Network Rules
Add Select to add a server traffic rule.

Enter the destination hostname that triggers the traffic rule.

Rules for a Windows 10 device must use IP address as the hostname.

If you are entering multiple hostnames, separate them by commas. You can use regular expressions in the hostname.


Select the action that the VMware Tunnel applies to server traffic for the destination hostname.

  • Bypass – Bypass the proxy and send all traffic directly to the destination hostname.
  • Proxy – Send server traffic through the outbound proxy.

    Selecting Proxy displays the Outbound Proxy menu.

Outbound Proxy

Select the Outbound proxy to handle server traffic for the destination hostname. If you select multiple outbound proxies, the proxies are used in a round-robin format.

The proxies that populate this menu are those proxies added in the Outbound Proxy Settings section.