Enable App Tunnel to allow an application to communicate through a VPN or reverse proxy to access internal resources, such as a SharePoint or intranet sites.

See Supported Settings and Policies Options for the SDK to find out which default settings the SDK supports. Find the matrix in the Workspace ONE UEM Mobile Application Management Guide. To know what default settings Workspace ONE UEM applications support, see the topics for that specific application.

  1. Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies.
  2. Select Enabled and then select the App Tunnel Mode.

    Tunnel Type Description
    AirWatch App Tunnel

    Sets devices to access corporate resources using the VMware Tunnel that serves as a relay between mobile devices and enterprise systems.

    • Select Configure Tunnel Settings to enable the VMware Tunnel if you have not already set this feature.
    • To restrict the communication to a set of tunnel domains, enter domains in the App Tunnel URLs text box. All other traffic not listed in this text box, goes directly to the Internet.

      Use wildcards to allow access to any site with a domain subset. For example, *.<example>.com allows traffic to any site that contains .<example>.com in its domain. Similarly, it allows access to any port on that site with an implementation similar to *.<example>.com.

      If nothing is listed in this text box, all traffic directs through the app tunnel.

    F5

    Sets devices to access Web services behind a firewall defined by specific policies that allow secure connections through your F5 components.

    • To access your internal network, select an App Tunnel Proxy from the menu. Add third-party proxies by selecting Configure F5 Settings.
    • To restrict the communication to a set of tunnel domains, enter domains in the App Tunnel URLs text box. All other traffic not listed in this text box, goes directly to the Internet.

      Use wildcards to allow access to any site with a domain subset. For example, *.<example>.com allows traffic to any site that contains .<example>.com in its domain. Similarly, it allows access to any port on that site with an implementation similar to *.<example>.com.

      If nothing is listed in this text box, all traffic directs through the app tunnel.

    Standard Proxy

    Sets devices to request resources using a proxy server that allows or denies connections to enterprise systems.

    • To access your internal network, select an App Tunnel Proxy from the menu . Add standard proxies by selecting Configure Standard Proxy Settings.
    • To restrict the communication to a set of tunnel domains, enter domains in the App Tunnel URLs text box. All other traffic not listed in this text box, goes directly to the Internet.

      Use wildcards to allow access to any site with a domain subset. For example, *.<example>.com allows traffic to any site that contains .<example>.com in its domain. Similarly, it allows access to any port on that site with an implementation similar to *.<example>.com.

      If nothing is listed in this text box, all traffic directs through the app tunnel.

  3. Save your settings.

For more topics about the SDK and mobile application management, see MAM Functionality With SDK Functions.

You can integrate the content filtering feature and the app tunnel to benefit from your content filtering system with Workspace ONE UEM. See Content Filtering and App Tunnel for more information.