Configure Per-App Tunnel for Windows to allow those devices to connect to internal sites you define through the VMware Tunnel. Using this functionality requires you to configure and install the Per-App Tunnel component as part of your VMware Tunnel installation.

For more information on configuring the Windows VPN profile, see Configure a VPN Profile.


To configure a VPN profile for Per-App Tunnel:

  1. Navigate to Devices > Profiles > List View > Add and select Windows. Then select Windows Desktop and User.

  2. Configure the profile's General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  3. Select the VPN payload from the list.
  4. Enter a Connection Name and select VMware Tunnel as the Connection Type.

    The Server text box populates automatically with your VMware Tunnel component server URL. If this component is not configured, you see a message and hyperlink to the system settings page where you can configure it.

  5. Configure the Per App VPN rules.
  6. Configure the relevant Policies settings:

    Settings Description
    Always On Enable to force the VPN connection to be always on.
    VPN Lockdown

    Enable to force the VPN to always be on, never disconnect, disable any network access if the VPN is not connected, and prevent other VPN profiles from connecting on the device.

    A VPN profile with VPN Lockdown enabled must be deleted before you push a new VPN profile to the device.

    Trusted Network Detection Enter, separated by commas, trusted network addresses. The VPN does not connect when a trusted network connection is detected
  7. Select Add New Domain to add all domains you want resolved through the VMware Tunnel server.
  8. Select Save & Publish.