Network traffic rules allow you to set granular control over how the VMware Tunnel directs traffic from devices. Using the Per-App Tunnel component of VMware Tunnel, create device traffic rules to control how devices handle traffic from specified applications and server traffic rules to manage network traffic when you have third-party proxies configured.

Device traffic rules force VMware Tunnel to send traffic through the tunnel, block all traffic to specified domains, bypass the internal network straight to the Internet, or send traffic to an HTTPS proxy site. The device traffic rules are created and ranked to give an order of execution. Every time a specified app is opened, VMware Tunnel checks the list of rules to determine which rule applies to the situation. If no set rules match the situation, VMware Tunnel applies the default action. The default action, set for all applications except for safari, applies to domains not mentioned in a rule. If no rules are specified, the default action applies to all domains. The device traffic rules created apply to all VPN VMware Tunnel profiles in the organization group the rules are created in.

Server traffic rules enable you to manage the network traffic when you have third-party proxies configured in your network. These rules apply to traffic originating from the VMware Tunnel. The rules force the VMware Tunnel to send traffic for specified destinations to either use the proxy or bypass it.

Supported Platforms

VMware Tunnel supports Network Traffic rules for the following platforms:

  • iOS devices with VMware Tunnel for iOS
  • macOS devices with VMware Tunnel for macOS

    VMware Tunnel only supports network traffic rules for the Safari app for macOS devices.

  • Android devices with VMware Tunnel for Android

VMware Tunnel supports enforcing the Per-App VPN rules configured in the Windows Desktop and Windows Phone VPN profiles. For more information, see VPN Profile (Windows Desktop) and VPN Profile (Windows Phone).

Looking for information on Single Sign-On? For information on implementing Android mobile single sign-on for Workspace ONE, see the Workspace ONE Quick Configuration Guide, available at