After deploying the VMware Tunnel on the VMware Unified Access Gateway, you must configure the custom VMware Tunnel settings to meet your organizational needs. Configure these settings in the Unified Access Gateway admin UI hosted on your Unified Access Gateway.
Procedure
- Navigate to the URL of your Unified Access Gateway admin UI. The url uses this format: https://[IP ADDRESS]:9443/admin/.
- Enter "admin" as the username.
- Enter your admin UI password. Select Login.
- Select Configure Manually.
- Next to Edge Service Settings, select Show.
- Next to VMware Tunnel Settings, select the settings icon (
) to configure your VMware Tunnel deployment. - Customize VMware Tunnel Settings.
Settings Descriptions Enable VMware Tunnel Settings Set to Yes to use the configured VMware Tunnel settings.
After configuration, setting this option to No does not deactivate the VMware Tunnel.
API Server URL Enter the URL to your Workspace ONE UEM API server. To find the URL, navigate to .
The appliance contacts the Workspace ONE UEM API server to fetch your VMware Tunnel configuration.
For example, https://asXXX.example.com.
API Server Username Enter the username of a Workspace ONE UEM console admin user account. The account must have Console Administrator privileges at a minimum. For the Tunnel Edge Service on UAG, the admin account used to save the Tunnel Service settings is only used at initial configuration. Once the Tunnel Edge Service is successfully saved and configured, further UEM API communication is secured through certificate-based authentication.
The admin account will only be needed for a manual update to the Tunnel Edge Service. VMware Tunnel will continue to function even if this admin account is inactive.
API Server Password Enter the password of an Workspace ONE UEM console admin user account.
You must have Console Administrator privileges at a minimum.
Organization Group ID Enter the Group ID for the organization group the VMware Tunnel is configured. Tunnel Server Hostname Enter the hostname for your VMware Tunnel configuration.
The hostname must match the hostname entered in the VMware Tunnel configuration wizard. The Unified Access Gateway configures the instance as a relay server or an endpoint server based on the hostname. Ensure that you properly enter the hostname to avoid any issues in deployment.
This is the Tunnel server hostname.
- (Optional) Select the More drop-down menu to configure additional settings including Workspace ONE UEM Outbound Proxy Settings if you use an outbound proxy to make the initial call to the API server.
Settings Description Outbound Proxy Host Enter the outbound proxy hostname. Outbound Proxy Port Enter the outbound proxy port. Outbound Proxy User Enter the user name if you proxy requires authentication. Outbound Proxy Password Enter the password for your outbound proxy if your proxy requires authentication. NTLM Authentication Enable if your proxy requires NTLM authentication. Use for VMware Tunnel Proxy Enable to use these proxy settings as the outbound proxy for your VMware Tunnel- Proxy deployment. Host Entries Enter the host entries for the server. You can enter multiple host entries separated by commas. They must follow this format:
IP address hostname hostname alias (optional). For example, 10.192.168.1 example1.com, 10.192.167.2 example2.com.
Use this option if your DNS is not publicly available or accessible from the DMZ.
Trusted Certificates Select Select to upload a PEM certificate to add to the trusted store. Select the plus icon to upload additional certificates.
This feature only supports PEM certificates.
- (Optional) On the Support Settings screen on this page, download the Log Archive and export your custom settings using the Export Access Point Settings option.
- To finish, select Save.
