The Advanced settings tab lets you configure more settings that are optional for an VMware Tunnel deployment. Except where noted, you can configure these settings before or after installation.

  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Tunnel > Configuration and select the Advanced tab.
  2. Configure the following AirWatch Tunnel Proxy component settings.
    Setting Description
    RSA Adaptive Auth Integration Enable this setting if you want to integrate the Proxy component with RSA authentication for comprehensive Web browsing security. Select to enable the following adaptive authentication settings. For more information, see RSA Adaptive Authentication.
    Adaptive Auth Server URL

    Enter your RSA Adaptive Auth server URL.

    This setting displays after you enable RSA Adaptive Auth Integration.

    Adaptive Auth Admin Username

    Enter the RSA admin account user name.

    This setting displays after you enable RSA Adaptive Auth Integration.

    Adaptive Auth Admin Password

    Enter the RSA admin account password for the user name you entered.

    This setting displays after you enable RSA Adaptive Auth Integration.

    Adaptive Auth Version

    Enter your RSA Adaptive Authentication version.

    This setting displays after you enable RSA Adaptive Auth Integration.

    Adaptive Auth User Identifier

    Enter the RSA Adaptive Auth user identifier.

    This setting displays after you enable RSA Adaptive Auth Integration.

    Access Logs

    Enable this setting to tell VMware Tunnel Proxy component to write access logs to syslog for any of your own purposes. These logs are not stored locally. They are pushed to the syslog host over the port you define. Communication to the syslog server occurs over UDP, so ensure that UDP traffic is allowed over this port.

    If you are using a relay-endpoint deployment model, the relay writes the access logs. If you are using an basic endpoint deployment model, the endpoint writes the access logs.

    There is no correlation between this syslog integration and the integration accessed on Groups & Settings > All Settings > System > Enterprise Integration > Syslog.

    You must enable this feature before you install any of the components. Any changes you make to the access logs configuration on the AirWatch Console require reinstallation of the VMware Tunnel server.

    Syslog Hostname

    Enter the URL of your syslog host.

    This setting displays after you enable Access Logs.

    Port

    Enter the port over which you want to communicate with the syslog host.

    This setting displays after you enable Access Logs.

    API and AWCM outbound calls via proxy

    Enable this option if the communication for initialization between the VMware Tunnel and AirWatch API or AWCM is through an outbound proxy.

    Show detailed errors Enable this option to ensure client applications (for example, VMware Browser) are informed when the VMware Tunnel fails to authenticate a device.
    Log Level Set the appropriate logging level, which determines how much data is reported to the LOG files.
  3. If applicable, configure the following Kerberos Proxy settings, which display only if you select Use Kerberos Proxy during the VMware Tunnel configuration. If the realm info you entered during configuration does not work properly, you can enter the KDC IP address here, which overrides the information that you provided during configuration.

    You must reinstall the VMware Tunnel after changing these settings. A restart does not work.

    Setting Description
    KDC Server IP

    Enter your KDC Server IP address.

    This text box displays only if you select Use Kerberos Proxy during VMware Tunnel configuration.

    Kerberos Proxy Port

    Enter the port over which VMware Tunnel can communicate with your Kerberos Proxy.

    This text box displays only if you select Use Kerberos Proxy during VMware Tunnel configuration.

  4. If applicable, configure the following Per-App Tunneling settings.

    Any changes to the Per-App Tunneling settings after installation of the VMware Tunnel server do not require restarting/reinstallation of the service. Changes automatically apply to the server.

    Setting Description
    Access Logs

    Enable this setting to enable the VMware Tunnel to write access logs to syslog for any of your own purposes. These logs are not stored locally. They are pushed to the syslog host over the port you define.

    There is no correlation between this syslog integration and the integration accessed on Groups & Settings > All Settings > System > Enterprise Integration > Syslog.

    You must enable this feature as part of VMware Tunnel configuration before you install any of the components.

    Syslog Hostname

    Enter the URL of your syslog host.

    This setting displays after you enable Access Logs.

    Port

    Enter the Port over which you want to communicate with the syslog host.

    This setting displays after you enable Access Logs.

    API and AWCM outbound calls via proxy

    Enable this option if the communication for initialization between the VMware Tunnel and AirWatch API or AWCM is through an outbound proxy.

  5. If applicable, configure the following Relay - Endpoint Authentication Credentials settings, which are used for authentication between the relay and endpoint servers. These text boxes are pre-populated for you after configuration, but you can change them, for example, to meet your organization password strength requirements.

    Setting Description
    Username Enter the user name used to authenticate the relay and endpoint servers.
    Password Enter the password used to authenticate the relay and endpoint servers.
  6. Select Save.