Use App Tunnel to allow an application to communicate through a VPN or reverse proxy to access internal resources, such as a SharePoint or intranet sites.

Prerequisites

You must set up the menu items for VMware Tunnel-Proxy or VMware Tunnel before using them.

To set up configurations and device traffic rules for the VMware Tunnel - Proxy or the VMware Tunnel, see VMware Tunnel.

If you are replacing the VMware Tunnel - Proxy with Tunnel SDK, migrate the App Tunnel URLs entries. See Migrate Proxy App Tunnel URLs to Tunnel SDK.

Procedure

  1. Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies.
  2. Select Enabled and then select the App Tunnel Mode
    Settings Description
    VMware Tunnel - Proxy Sets devices to access corporate resources using the proxy component of the VMware Tunnel, also called Proxy. Consider migrating to the Tunnel SDK that uses the Per-App Tunnel component for better performance and new features.

    For this option to work, you must set up the VMware Tunnel, Proxy component. If this feature is not set up, use the links on this page to go to the configuration pages.

    1. Select Configure VMware Tunnel - Proxy Settings to enable Proxy if you have not already set this feature.
    2. To restrict the communication to a set of tunnel domains, enter domains in the App Tunnel URLs text box. All other traffic not listed in this text box, goes directly to the Internet.
    3. Use wildcards to allow access to any site with a domain subset. For example,*.<example> .com allows traffic to any site that contains .<example> .com in its domain. Similarly, it allows access to any port on that site with an implementation similar to *.<example > .com. If nothing is listed in this text box, all traffic directs through the app tunnel.
    Standard Proxy
    1. Sets devices to request resources using a proxy server that allows or denies connections to enterprise systems.
    2. To access your internal network, select an App Tunnel Proxy from the menu . Add standard proxies by selecting Configure Standard Proxy Settings
    3. To restrict the communication to a set of tunnel domains, enter domains in the App Tunnel URLs text box. All other traffic not listed in this text box, goes directly to the Internet.
    4. Use wildcards to allow access to any site with a domain subset. For example,*.<example> .com allows traffic to any site that contains .<example> .com in its domain. Similarly, it allows access to any port on that site with an implementation similar to *.<example > .com. If nothing is listed in this text box, all traffic directs through the app tunnel.
    VMware Tunnel (Tunnel SDK)

    Sets devices to access corporate resources using theVMware Tunnel and its per-app tunnel component.

    For this option to work, you must set up the VMware Tunnel, Per-App Tunnel. If this feature is not set up, use the links on this page to go to the configuration pages.

    Also, Per-App Tunnel uses device traffic rules to set policies for tunneling, blocking, or bypassing specific domains. Ensure that you have setup web and other SDK-enabled apps on the Device Traffic Rules page before enabling it here.

    1. Select Configure Tunnel Settings to enable the VMware Tunnel if you have not already set this feature.
    2. If you have some SDK applications that still use the VMware Tunnel - Proxy, enable Tunnel Proxy for Backward Compatibility. This menu item allows those SDK applications that have not migrated to Tunnel SDK to continue to work using Proxy.
    3. This settings does not act as a backup for Tunnel SDK. If Tunnel SDK is not working for some reason, SDK applications do not use Proxy even though this option is enabled.
  3. Save your settings.