Testing Per App VPN
Now that the device is enrolled and has received settings that we configured in the AirWatch Console, we are ready to begin testing the Per-App VPN functionality.
1. Launch & Enable the F5 Access Application
This step is to enable the newly installed VPN client to handle network traffic and is required for the user to do only the 1st time that the application is installed.
Press the Home button on the iPad to return to the Launchpad. Swipe right if needed to see the downloaded applications. Select the F5 Access application to open it.
1.1. Accept the F5 User Agreement
Select Enable at the User Agreement prompt.
2. Launch VMware Browser
Press the Home button on the device to return to the Launchpad. Tap the VMware Browser icon to launch the application.
2.1. Allow Notifications from VMware Browser
If prompted to allow Notifications from VMware Browser, tap Allow.
2.2. Confirm VPN Connection and Navigate to Internal Website
- The VPN icon notates that the VPN connection is active. This is established from our F5 Per-App VPN profile that we configured VMware Browser with.
- Tap the "internal.hol.airwlab.com" bookmark to navigate to the internal website.
2.3. Confirm the Internal Website is Accessible
If your Per-App VPN connection is setup correctly, you should see a website with the Welcome message.
Continue to the next step.
3. Attempt to Access the Website From Safari
We will now show that although the VPN connection is active, other applications on the device will not be able to access the internal network resources.
3.1. Open Safari
Return to the launchpad by pressing the Home button on the iPad. Open Safari by selecting the icon form the Launcher.
3.2. Attempt to Navigate to the Internal Resource From Safari
- Open a new tab by selecting the + sign on the navigation bar.
- Select the entry box on the navigation bar and enter the URL "internal.hol.airwlab.com" (this is the same URL we entered in VMware Browser).
- Notice that the website does not load in the Safari browser due to a timeout.
The website is published to an internal web server that can only be accessed when the VPN connection is being used. Although the VPN connection may remain active (look for the VPN icon in the status bar), Safari is not designated as an application that is allowed to use the Per-App VPN connection. You may have multiple VPN configurations and multiple apps assigned for each VPN. Most Public applications are compatible with per-app VPN on iOS. If desired, you can authorize the native browser on iOS to leverage the per-app VPN connection, we have chosen not to for the purposes of this lab.