After deploying the VMware Tunnel on the VMware Unified Access Gateway appliance, you must configure the custom VMware Tunnel settings to meet your organizational needs. Configure these settings in the Unified Access Gateway admin UI hosted on your virtual appliance.

To configure the VMware Tunnel settings:

    1. Navigate to the URL of your virtual appliance admin UI. The URL uses this format: https://[IP ADDRESS]:9443/admin/.
    2. Enter "admin" as the username.
    3. Enter your admin UI password. Select Login.
    4. Select Configure Manually.
    5. Next to Edge Service Settings, select Show.
    6. Next to Per-App Tunnel and Proxy Settings, select the settings icon to configure your VMware Tunnel deployment.
    7. Customize the AirWatch Properties:

      Settings Descriptions
      Enable Per-App Tunnel and Proxy Settings

      Set to Yes to use the configured VMware Tunnel settings.

      After configuration, setting this option to No does not disable the VMware Tunnel.

      API Server URL

      Enter the URL to your Workspace ONE UEM API server.

      The appliance contacts the Workspace ONE UEM API server to fetch your VMware Tunnel configuration.

      For example,

      API Server Username

      Enter the user name of an AirWatch Admin user account.

      You must have Console Administrator privileges at a minimum.

      API Server Password

      Enter the password of an AirWatch Admin user account.

      You must have Console Administrator privileges at a minimum.

      Organization Group ID

      Enter the Group ID of the organization group in which the VMware Tunnel is configured.

      AirWatch Server Hostname

      Enter the hostname for your VMware Tunnel configuration.

      The hostname must match the hostname entered in the VMware Tunnel configuration wizard. The virtual appliance configures the instance as a relay server or an endpoint server based on the hostname. Ensure that you properly enter the hostname to avoid any issues in deployment.

      This is the Tunnel server hostname.

    8. (Optional) Select the More drop-down menu to configure additional settings including Workspace ONE UEM Outbound Proxy Settings if you use an outbound proxy to make the initial call to the API server:

      Settings Description
      Outbound Proxy Host

      Enter the outbound proxy hostname.

      Outbound Proxy Port

      Enter the outbound proxy port.

      Outbound Proxy User

      Enter the user name if your proxy requires authentication.

      Outbound Proxy Password

      Enter the password for your outbound proxy if your proxy requires authentication.

      NTLM Authentication

      Enable if your proxy requires NTLM authentication.

      Use for VMware Tunnel Proxy

      Enable to use these proxy settings as the outbound proxy for your VMware Tunnel deployment.

      Host Entries

      Enter the host entries for the server. You can enter multiple host entries separated by commas. They must follow this format:

      IP address hostname hostname alias (optional). For example,

      Use this option if your DNS is not publicly available or accessible from the DMZ.

      Trusted Certificates

      Select Select to upload a PEM certificate to add to the trusted store. Select the plus icon to upload additional certificates.

      This feature only supports PEM certificates.

    9. To finish, select Save. The Workspace ONE UEM Appliance Hub starts immediately and the monitoring services for VMware Tunnel start after 60 seconds.

    The Support Settings screen on this page allows you to download the Log Archive and export your custom settings using the Export Access Point Settings option.
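
The Host Entries and Trusted Certificates fields in step 8 accept only the formats described there, so it helps to check both values before entering them. The following is an added example, not VMware code: the function names are hypothetical, and it checks only the entry layout and the PEM armor with its base64 body, not the certificate contents.

```python
import base64
import ipaddress
import re

# RFC 1123 style label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_PEM = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)


def _valid_hostname(name):
    return len(name) <= 253 and all(_LABEL.match(p) for p in name.split("."))


def parse_host_entries(value):
    """Parse 'IP hostname [alias], IP hostname [alias]' into tuples.

    Raises ValueError naming the first malformed entry.
    """
    entries = []
    for raw in value.split(","):
        fields = raw.split()
        if len(fields) not in (2, 3):
            raise ValueError(f"expected 'IP hostname [alias]': {raw.strip()!r}")
        ip = ipaddress.ip_address(fields[0])  # ValueError on a bad address
        for name in fields[1:]:
            if not _valid_hostname(name):
                raise ValueError(f"invalid hostname {name!r} in {raw.strip()!r}")
        alias = fields[2] if len(fields) == 3 else None
        entries.append((str(ip), fields[1], alias))
    return entries


def count_pem_certificates(data):
    """Return the number of well-formed PEM CERTIFICATE blocks in data (bytes).

    0 means the file is not PEM (for example DER or PKCS#12) and needs converting.
    """
    count = 0
    for body in _PEM.findall(data):
        try:
            base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            continue  # armor present but body is not valid base64
        count += 1
    return count
```

A count of 0 from `count_pem_certificates` on the file you intend to upload means it must be converted to PEM first, because the Trusted Certificates field supports only PEM.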