Using Workspace ONE Web for VMware Tunnel controls how the end users access internal sites by configuring communication between the application and the VMware Tunnel. Once configured, access to URLs you specify (using Workspace ONE Web) goes through the VMware Tunnel.

Note: Consider using Workspace ONE Web with the Per-App Tunnel component of VMware Tunnel. The Per-App Tunnel component provides better performance and functionality than the Proxy component. Workspace ONE Web with the Per-App Tunnel component does not require additional configuration.

Caveats and Known Limitations - For VMware Tunnel, the current authentication scheme requires the use of a chunk aggregator of fixed size. A low value puts restrictions on the amount of data that is sent from the devices in a single HTTP request. By contrast, a high value causes extra memory to be allocated for this operation. Workspace ONE UEM uses a default optimum value of 1 MB, which you can configure based on your maximum expected size of upload data. Configure this value in the proxy.properties file on the VMware Tunnel server in the /conf directory.

Procedure

  1. Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies.
  2. Select Enabled for AirWatch App Tunnel and specify the App Tunnel Mode as VMware Tunnel – Proxy.
  3. (Optional) Enable the split tunnel for iOS devices by entering URLs into the App Tunnel Domains text box. Leave the text box empty to send all requests through the VMware Tunnel.

    If a URL that is about to be invoked contains a domain that matches the list in the settings, this URL request goes through the VMware Tunnel.

    If the URL domain does not match the domain in the list, it goes directly to the Internet.

  4. Select Save.
  5. Ensure the Workspace ONE Web is using the Shared SDK profiles for iOS and Android by navigating to Groups & Settings > All Settings > Apps > Workspace ONE Web and selecting them under SDK Profile.