Add rules for the VMware Tunnel app to control how traffic is directed through the VMware Tunnel when using the Per-App Tunnel component. These rules allow you to tunnel, block, or bypass traffic as needed.

Watch a tutorial video explaining how to create device traffic rules: https://support.air-watch.com/articles/115001666388.

Prerequisites

  • Configured VMware Tunnel with the Per-App Tunnel component enabled.
  • For iOS and Android, these rules apply to mobile applications configured for Per App VPN for VMware Tunnel. See Configure Public Apps to use Per App Profile for more information.

Procedure

  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Tunnel > Network Traffic Rules.
  2. Configure the Device Traffic Rules settings:

    Settings Descriptions
    Default Action

    This rule is automatically configured and applies to all applications except Safari.

    The default action is always applied last.

    • Tunnel – All apps, except Safari, on the device configured for Per App VPN send network traffic through the tunnel.

      For example, set the Default Action to Tunnel to ensure all configured apps without a defined traffic rule use the VMware Tunnel for internal communications.

    • Block – Blocks all apps, except Safari, on the device configured for Per App VPN from sending network traffic.

      For example, set the Default Action to Block to ensure that all configured apps without a defined traffic rule cannot send any network traffic regardless of destination.

    • Bypass – All apps, except Safari, on the device configured for Per App VPN bypass the tunnel and connect to the Internet directly.

      For example, set the Default Action to Bypass to ensure all configured apps without a defined traffic rule bypass the VMware Tunnel to access their destination directly.

    Add

    Select Add to create a rule.

    Rank

    Select the up or down arrows to rearrange the ranking of your network traffic rules. You can also select-and-drag the rule.

    The up and down arrows only display when you have more than one rule created.

    Application

    Select Add to add a triggering application for the network rule.

    This drop-down menu is populated with applications with Per App VPN enabled and Safari for macOS.

    If you configure rules for the Safari app for macOS, the traffic rules override and disable any domain rules configured in existing profiles.

    Action

    Select the action from the drop-down menu that the VMware Tunnel app applies to all network traffic from the triggering app when the app starts.

    • Tunnel – Sends app network traffic for specified domains through the tunnel to your internal network.
    • Block – Blocks all traffic sent to specified domains.
    • Bypass – Bypasses the VMware Tunnel so the app attempts to access specified domains directly.
    • Proxy – Redirects traffic to the specified HTTPS proxy for the listed domains. The proxy must be HTTPS and must follow the correct format: https://example.com:port
    Destination Hostname

    Enter the hostname that the rule's action applies to. For example, for a rule that uses the Block action, enter all the domains that traffic is blocked from accessing.

    Use a comma (,) to separate hostnames.

    You may use wildcard characters for your hostnames. Wildcards must follow the format:

    • *.<domain>.*
    • *<domain>.*
    • *.* — You cannot use this wildcard for Safari domain rules.
    • * — You cannot use this wildcard for Safari domain rules.
  3. Select Save to save your changes.
  4. Select Publish Rules to update your applicable VMware Tunnel device profiles to a new version with the new network traffic rules. The updated device profiles publish to the assigned smart groups.
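
A dry run of a planned rule set before you select Publish Rules, as an added example that is not VMware code or part of the original page. It checks the proxy format and the Safari wildcard limits stated above and, as an assumption, treats ranking as first-match-wins with glob-style wildcard matching; the app names, hostnames, and function names are constructed.

```python
import re
from fnmatch import fnmatchcase

# Constructed rule set in rank order (app names and hostnames are sample values).
RULES = [
    {"app": "Mail", "action": "Block", "hosts": "*.ads.corp.example.*"},
    {"app": "Mail", "action": "Tunnel", "hosts": "*.corp.example.*, intranet.example.com"},
    {"app": "Browser", "action": "Proxy", "hosts": "*.partner.example.*",
     "proxy": "https://proxy.example.com:3128"},
    {"app": "Safari", "action": "Bypass", "hosts": "*"},
]
DEFAULT_ACTION = "Block"
ACTIONS = {"Tunnel", "Block", "Bypass", "Proxy"}
PROXY_RE = re.compile(r"^https://[A-Za-z0-9.-]+:\d{1,5}$")  # https://example.com:port

def hostnames(rule):
    """Split the comma-separated Destination Hostname field."""
    return [h.strip().lower() for h in rule["hosts"].split(",") if h.strip()]

def lint(rules):
    """Return (rank, message) for rules that break constraints stated on the page."""
    problems = []
    for rank, rule in enumerate(rules, start=1):
        if rule["action"] not in ACTIONS:
            problems.append((rank, "unknown action"))
        if rule["action"] == "Proxy" and not PROXY_RE.match(rule.get("proxy", "")):
            problems.append((rank, "proxy must be https://host:port"))
        if rule["app"] == "Safari" and {"*", "*.*"} & set(hostnames(rule)):
            problems.append((rank, "Safari rules cannot use * or *.*"))
    return problems

def decide(rules, default_action, app, host):
    """Assumed semantics: the first matching rule by rank wins; the default applies last."""
    for rank, rule in enumerate(rules, start=1):
        if rule["app"] == app and any(fnmatchcase(host.lower(), p) for p in hostnames(rule)):
            return rule["action"], rank
    # The default action excludes Safari; unmatched Safari traffic is not modelled here.
    return (None if app == "Safari" else default_action), None

if __name__ == "__main__":
    print(lint(RULES))
    for app, host in [("Mail", "t.ads.corp.example.com"), ("Mail", "www.example.org")]:
        print(app, host, decide(RULES, DEFAULT_ACTION, app, host))
```

Swapping the first two rules sends `t.ads.corp.example.com` through the tunnel instead of blocking it, which is why a broad wildcard ranked above a narrower one deserves a second look.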