VMware Tunnel Settings on Workspace ONE UEM Console

When the Tunnel Edge Service is enabled on Unified Access Gateway Appliance it pull out the configuration of the VMware Tunnel from Workspace ONE UEM, for that reason the VMware Tunnel must be configured first on the Workspace ONE UEM, prior to deployment of the Unified Access Appliance.

This section will walk you through the steps to configure VMware Tunnel in Workspace ONE UEM Console, enabling only the Tunnel Proxy component, Per App Tunnel WON'T be enabled for this lab.

1. Open All Settings

Open All Settings
  1. Click on Groups & Settings.
  2. Click on All Settings,


2. Configuring VMware Tunnel Settings

Configure the VMware Tunnel settings
  1. Click System.
  2. Click Enterprise Integration.
  3. Click VMware Tunnel.
  4. Click Configuration.
  5. Change the setting to Override.
  6. Select Enable for VMware Tunnel.
  7. Click Configure.

2.1. Configuration Type

Configuration Type
  1. Set Proxy (Windows & Linux) to Enabled.
  2. Select Basic (Single-Tier) from the drop down for VPN Configuration Type - which means deployment of Unified Access Gateway Appliance on DMZ where Tunnel Proxy will be enabled to communicate with the internal Network.
  3. Set Per-App Tunnel (Linux Only) to Disabled.
  4. Click Next to continue.

The Per-App Tunnel component option in this step when Enabled allows access to internal websites, servers, etc from mobile apps deployed on the managed device. In this exercise we will not use this option.

2.2. Configure Hostname and port details

Configure Hostname and Port Details

In this page you will need to fill in the Host Names, URLs and Ports that correspond to the specific server(s) assigned to you for this workshop.

You should have received an email titled "VMWorld Workshop | Lab Ports and Hostnames", which has the assigned port and hostname values you should enter here.  This email is sent to the account you used to register for VLP and signed into the Workspace ONE UEM Console with.

Note: If you did not receive, please notify a lab proctor before continuing!

  1. Enter the DNS address assigned to you for the Hostname field (Format: pool##.airwlab.com).
  2. Enter #### for the Relay Port.
  3. Click Next.

The red error messages is showing on the screenshot because ## is not a valid character, replace the ## by the numbers receive on the e-mail.

2.3. Configure Tunnel SSL Certificate

Configure Tunnel SSL Certificate
  1. Ensure Use Public SSL Certificate is selected.
  2. Click Upload and select the airwlab.pfx file under C:\AW Tools.
  3. Enter AirWatch for Password and click Save.
  4. Click Next.

2.4. Authentication

  1. Select Default.
  2. Click Next.

2.5. Miscellaneous

VMware Tunnel Configuration - Miscellaneous
  1. Set the Access Logs option to Disabled.
  2. Click Next to continue.

2.6. Confirm VMware Tunnel Settings

Confirm VMware Tunnel Settings

Verify that the configuration summary is correct. Click Save to continue.

2.7. Download the Unified Access Gateway Appliance

Download the Appliance

NOTE: The Unified Access Gateway has already been downloaded for you! You do not need to download it from the Resource portal!

Once the configuration is saved you will be able to download the installer from the console or Download the Unified Access Gateway Virtual Appliance.

The preferred method is to "Download Unified Access Gateway", which will redirect to the Workspace ONE Resources portal where the Unified Access Gateway Virtual Appliance OVF package is hosted. However, in the interest of time the file has been downloaded to your sever and can be found on the Desktop in the UAG Resources\UAG Files Folder.  

Before you move into the deployment of Unified Access Gateway, on the next section you will be performing some configuration settings related to the VMware Browser.