Network traffic rules allow you to set granular control over how the VMware Tunnel directs traffic from devices. Using the Per-App Tunnel of VMware Tunnel, create device traffic rules to control how devices handle traffic from specified applications and server traffic rules to manage network traffic when you have third-party proxies configured.

Device traffic rules force VMware Tunnel to send traffic through the tunnel, block all traffic to specified domains, bypass the internal network straight to the Internet, or send traffic to an HTTPS proxy site. The device traffic rules are created and ranked to give an order of execution. Every time a specified app is opened, VMware Tunnel checks the list of rules to determine which rule applies to the situation. If no set rules match the situation, VMware Tunnel applies the default action. The default action, set for all applications except for safari, applies to domains not mentioned in a rule. If no rules are specified, the default action applies to all domains. The device traffic rules created apply to all VPN VMware Tunnel profiles in the organization group the rules are created in.

Server traffic rules enable you to manage the network traffic when you have third-party proxies configured in your network. These rules apply to traffic originating from the VMware Tunnel. The rules force the VMware Tunnel to send traffic for specified destinations to either use the proxy or bypass it.

Supported Platforms

VMware Tunnel supports Network Traffic rules for the following platforms:

  • iOS devices with VMware Workspace ONE Tunnel for iOS.
  • macOS devices with VMware Workspace ONE Tunnel for macOS.
    Note:
    • For macOS you can add apps under Device Traffic Rules and assign Device Traffic Rules if you are using UEM console 1910 or above.
    • If you using UEM console 1910 or above, the VPN profile for macOS will not have the App Mapping section and the apps have to be added on the Device Traffic Rules page.
  • Android devices with VMware Workspace ONE Tunnel for Android.
  • Windows desktop devices with VMware Workspace ONE Tunnel desktop application.
    Note: Device Traffic Rules added are applicable only to Windows Tunnel Desktop Client and not for the Windows store App. Device wide VPN profile has to be enabled to use Windows Tunnel Desktop Client.

VMware Tunnel supports enforcing the Per-App VPN rules configured in the Windows Desktop and Windows Phone VPN profiles.