After you complete the pre-deployment configuration, you can configure advanced settings for VMware Tunnel that are optional for VMware Tunnel deployment. Except where noted, you can configure these settings before or after installation.

Configure Advanced Settings for VMware Tunnel

The Advanced settings tab in VMware Tunnel lets you configure more settings that are optional for an VMware Tunnel deployment. For example, you can configure RSA Adaptive Auth Integration, Kerberos Proxy Port, API and AWCM outbound calls via proxy and so on. All the advanced configuration, except where noted, can be completed before or after installation.

Configure Network Traffic Rules for the Per-App Tunnel Component

Network traffic rules allow you to set granular control over how the VMware Tunnel directs traffic from devices. Device traffic rules forces VMware Tunnel to send traffic through the tunnel, block all the traffic to specified domains, bypass the internal network straight to the Internet, or send traffic to an HTTPS proxy site. Server traffic rules enable you to manage the network traffic when you have third-party proxies configured in your network.

Configure Outbound Proxy for the Proxy and Per-App Tunnel Component

Many organizations use outbound proxies to control the flow of traffic to and from their network. Outbound proxies can also be used for performing traffic filtering, inspection, and analysis.

It is not mandatory to use outbound proxies with VMware Tunnel, but your organization may choose to deploy them behind one or more VMware Tunnel servers based on recommendations from your security and network teams. For VMware Tunnel on Linux, Workspace ONE UEM supports outbound proxies for the two VMware Tunnel components: Proxy and Per-App Tunnel. For VMware Tunnel on Windows, Workspace ONE UEM supports outbound proxies for the Proxy component.

SSL Offloading the Proxy Component

You can configure SSL Offloading to ease the burden of encrypting and decrypting traffic from the VMware Tunnel server. Only the VMware Tunnel Proxy component supports SSL Offloading. You can perform SSL offloading with products such as F5's BIG-IP Local Traffic Manager (LTM), or Microsoft's Unified Access Gateway, Threat Management Gateway (TMG) or Internet Security and Acceleration Server (ISA) solutions. VMware Tunnel Proxy is compatible with general SSL offloading solutions if the solution supports the HTTP CONNECT method.