Device Traffic Rules control how traffic is directed through the VMware Tunnel when using the Per-App Tunnel component. These rules allow you to tunnel, block, or bypass traffic as needed. In some scenarios, the updated Device Traffic Rules is not sent to the devices.


When the administrator changes the Device Traffic Rules and click Save, the Device Traffic Rules gets mapped to the profile, but the updated Device Traffic Rules is not replaced for the devices where the VPN profile is already installed. Device Traffic Rules is only updated for the newly enrolled devices or for the devices that have the VPN profile reinstalled.


  • To send the updated Device Traffic Rules to the devices post modifying the Device Traffic Rules, administrators must click Save and Publish. Save and Publish adds a version to the VPN profile and republishes Device Traffic Rules to all the devices.
    • If the adminsitartor changes the Android application in the Device Traffic Rules and clicks Save and Publish, the VPN profiles for both iOS, Android profiles gets a version update and the VPN profile installs are queued for all the assigned devices.
    • Reinstalling the profile reissues the client certificate to the device with a new thumbprint.