Validate Workspace ONE Tunnel Implementation for Per App VPN

Once enrollment is complete, ensure that the Workspace ONE Tunnel and Google Chrome applications are installed on your device. If not, open the App Catalog to Install these applications on your device.

1. Launch & Enable the Workspace ONE Tunnel Client

Launch & Enable the AirWatch Tunnel Client

This step is to enable the newly installed Tunnel client to initiate a VPN connection automatically on behalf of the user whenever an enabled application is launched. This is only required the first time that the application is installed.

Press the Home button on the iPad to return to the Launchpad. Swipe right if needed to see the downloaded applications. Select the Workspace ONE Tunnel client to open it.

Note: If the Tunnel application is missing from your device, open the Catalog and try to install it from there by selecting Install.

1.1. Opening Workspace ONE Tunnel Client for the first time

Accept the VPN Security Warning

Click Continue to enable the Tunnel application as a VPN client on the device.

1.2. Accept Privacy Policy

Click I Understand

1.3. Accept Data Sharing Policy

Click I Agree

1.4. Confirm Workspace ONE Tunnel VPN Configuration

If everything was configured correctly, you will see the Device section has a green checkmark and shows that it configured with VPN Configuration #XXXXX.  

2. Opening Safari Browser

Open Safari

Open Safari Browser.

3. Access Public website from Safari

Access Public website

Enter on the Navigation Bar.

You can access the VMware website normally and no VPN is requested as expected.


4. Access Intranet Website with Safari Browser

Intranet Home Page
  1. Enter http://intranet.corp.local/intranet on the Navigation Bar.
  2. Based on the URL launch you will see the VPN icon appear indicating the connection is active. This is happening because Workspace ONE Tunnel Client App found a rule that applies to this situation, which is the one you precious defined.
  3. The website will load and you'll see a intranet home with Welcome message.

5. Attempt to Access Intranet Website From Google Chrome

We will now show that although the VPN connection is active for Safari browser, you are not able to access the intranet from other browsers.

5.1. Open Google Chrome browser

Select the URL from the AirWatch Browser

Open Google Chrome Browser

5.2. Enter the Intranet Website URL

Copy the URL from the AirWatch Browser
  1. Enter http://intranet.corp.local/intranet and press Go/Enter
  2. VPN is not active
  3. After couple seconds you will receive an error page that states "This site can't be reached"

Notice that the website doesn't load for Google Chrome since the device traffic rulle configured earlier allows access to the internal domain only through Safari browser. The website is published to an internal DNS that can only be accessed when the VPN connection is being used. Safari is enabled to initiate Per-App VPN Tunnel only for the domains configured in the device traffic rulles.


Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.