The Advanced on the Configuration screen lets you configure more settings that are optional for the VMware Tunnel Proxy. Except where noted, you can configure these settings before or after installation.


  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Tunnel > Configuration and select the Advanced tab.
  2. Configure the following VMware Tunnel Proxy settings.
    Setting Description
    RSA Adaptive Auth Integration Enable this setting if you want to integrate VMware Tunnel Proxy with the RSA authentication for a comprehensive Web browsing security.
    Access Logs

    Enable this setting to tell VMware Tunnel to write access logs to syslog for any of your own purposes. These logs are not stored locally. They are pushed to the syslog host over the port you define. Communication to the syslog server occurs over UDP, so ensure that UDP traffic is allowed over this port.

    In relay-endpoint deployments, the relay server writes the access logs and in a basic deployment, the basic server writes the access logs.

    There is no correlation between this syslog integration and the integration accessed on Groups & Settings > All Settings > System > Enterprise Integration > Syslog.

    This feature can be enabled during the initial configuration in the Advanced settings tab in the Workspace ONE UEMconsole. If configured after installation, you must reinstall VMware Tunnel.

    Syslog Hostname: Enter the URL of your syslog host and the UDP Port over which you want to communicate. Ensure that the logging level for access logs is set appropriately in rsyslog.conf on the syslog server.

    UDP Port: Enter the port over which you want to communicate with the syslog host. This setting displays after you enable Access Logs.

    API and AWCM outbound calls via proxy Enable this option if the communication between the VMware Tunnel and Workspace ONE UEM API or AWCM is through an outbound proxy.
    Show detailed errors Enable this option to ensure client applications (for example, Workspace ONE Web) are informed when the VMware Tunnel fails to authenticate a device.
    Log Level Set the appropriate logging level, which determines how much data is reported to the LOG files.

    Maintain your SSL certificates. If you are using AirWatch SSL, select Regenerate to regenerate the certificates.

  3. If you are using a AirWatch certificate and not a public SSL certificate, then you can export the SSL certificate. Select Export if you choose to export the certificate.
  4. Select View Configuration XML to view the configuration XML. You can also Download a local copy if required.
  5. If applicable, configure the Relay-endpoint authentication credentials settings, which are used for authentication between the relay and endpoint servers.
    These text boxes are pre-populated for you after configuration, but you can change them, for example, to meet your organization password strength requirements.
    Setting Description
    Username Enter the user name used to authenticate the relay and endpoint servers.
    Password Enter the password used to authenticate the relay and endpoint servers. Select Change if you choose to change your password credentials.
  6. Select Save.