Configure AirWatch Tunnel Settings in AirWatch Console

In this section, we are going to configure AirWatch Tunnel settings in AirWatch admin console.

1. Enable AirWatch Tunnel

Enable AirWatch Tunnel

In the admin console:

  1. Click on Groups & Settings.
  2. Then click on All Settings.
Navigate to AirWatch Tunnel Settings
  1. Click System.
  2. Click Enterprise Integration.
  3. Click AirWatch Tunnel
  4. Click Configuration
  5. Change the setting to Override.
  6. Enable AirWatch Tunnel
  7. Click on Configure.

1.2. Enable Per-App Tunnel

Enable Per-App Tunnel
  1. Set Proxy (Windows & Linux) to Disabled
  2. Set Per-App Tunnel (Linux Only) to Enabled
  3. Select Basic from the drop down.
  4. Click Next to continue

1.3. Check your Email for Assigned Tunnel Hostname and Port

Check your Email for Assigned Tunnel Hostname and Port

You should receive an email (to the email account you used to log in to the lab environment) when you started the lab. This email contains your Tunnel Hostname and Port. e.g. the screenshot shows the port assignment and tunnel hostname for a test user.

  1. This will be your "port number" to be used in the next step.
  2. This will be your Tunnel server "hostname" to be used in the next step.

1.4. AirWatch Tunnel Configuration

AirWatch Tunnel Configuration

In this page you will need to fill in the Host Names and Ports that correspond to the specific server(s) assigned to you for this workshop.

  1. Enter the "hostname" you received in the email in the previous step.
  2. Enter the "port number" you received in the email in the previous step.
  3. Click Next

1.5. Per-App Tunneling SSL Certificate

Per-App Tunneling SSL Certificate

In order to establish trust between AirWatch Console and the F5 server behind which we are going to install Tunnel server, we are going to upload * SSL certificate.

  1. Check the box for "Use Public SSL Certificate".
  2. Click on "Upload".
  3. Click on "Choose File". (Note: This option may differ depending on the Browser you are using).

1.6. Select airwlab_ssl certificate

Select airwlab_ssl certificate
  1. Select the folder "Downloads".
  2. Select "airwlab_ssl.pfx"
  3. Click "Open".

1.7. Enter Certificate Password

Enter Certificate Password
  1. Enter password as "AirWatch" (Note: This password is case sensitive).
  2. Click on "Save".

1.8. Validate airwlab_ssl

Validate airwlab_ssl
  1. Validate that you are using certificate assigned to "*"
  2. Click "Next" to continue.

1.9. Select the Default Authentication

Select the Default Authentication
  1. Ensure that Per-App Tunnel Authentication is selected as "Default".
  2. Click on "Next" to continue.
  3. Click "OK" on the authentication settings load screen. (Note: It may take around 30-45 seconds to save the Tunnel Configuration).
  4. Once the Settings are saved, click on "Next" to Continue.

1.10. Add Per-App VPN Profile Association

Add Per-App VPN Profile Association
  1. Click on "Add".
  2. Select platform as "iOS".
  3. Select Action as "Create New Profile".
  4. Type in the profile name as "NSX Per-App VPN".
  5. Click "Next".

1.11. Configure NSX Integration settings

Configure NSX Integration settings
  1. Select the option for Access Logs as "Disabled".
  2. Select the optio for NSX Communication as "Enabled".
  3. Type in NSX Manager URL as "".
  4. Enter the admin username as "admin".
  5. Enter admin password as "VMware1!"'
  6. Select "Next"

1.12. Confirm Configuration

Confirm Configuration

Confirm that you see:

  1. Hostname as the one you received in your e-mail.
  2. Port as the one you received in your e-mail.
  3. SSL certificate is "Public SSL Certificate".
  4. Authentication as "AirWatch Certificate".
  5. Access logs as "False".
  6. Click on "Save". (Note: It may take 15-20 seconds to save this configuration).

1.13. Download Linux Installer

Download Linux Installer

Now that we have saved our Tunnel Configuration along with NSX integration details, we are going to download the Linux installer.

  1. Use the scroll bar to scroll down.
  2. Click on the option "Download Linux Installer".
  3. Enter the Certificate password as "VMware1!"
  4. Confirm password as "VMware1!".
  5. Click on "Download" at the bottom to continue. (Note: Depending on your internet speed, it may take 25-30 seconds to download the installer).
    If the window freezes, please refresh the screen. If you have any issues alert an instructor.
  6. Click on "X" icon in the top right corner to close the Tunnel Configuration settings.

2. Move the Tunnel Installer tar file to Linux VM

Now that we have our Tunnel Installer downloaded, we will use WinSCP to move the Tunnel Installer to our Linux VM

2.1. Launch WinSCP

Launch WinSCP
  1. Click on WinSCP icon to launch.
  2. Close the WinSCP upgrade prompt.

2.2. Login to Tunnel Server

Login to Tunnel Server
  1. Select Site "awTunnel".
  2. Click "Login".

2.3. Open Directory Downloads

Open Directory Downloads
  1. Click on the icon to "Open Directory".
  2. Click on "Browse".
  3. Navigate to "C:\Users\Administrator\Downloads".
  4. Click "OK"

2.4. Upload the Tunnel Installer to Linux VM

Upload the Tunnel Installer to Linux VM
  1. Click on "AirWatchTunnel.tar".
  2. Click on "Upload".
  3. Ensure that destination folder selected as "/root/*.*".
  4. Click "OK" to continue. (Note: It takes around 1 minute to complete the upload.)

2.5. Close WinSCP Connection

Close WinSCP Connection
  1. Ensure that destination folder root has "AirWatchTunnel.tar".
  2. Click on "X" to close WinSCP connection.