Network Traffic Rules for Per-App Tunnel
From the Workspace ONE UEM Console you can define network traffic rules that give you granular control over how the VMware Tunnel directs traffic from devices.
This configuration applies to the Per-App Tunnel component. You create device traffic rules to control how devices handle traffic from specified applications, and server traffic rules to manage network traffic when you have third-party proxies configured.
Device traffic rules force the VMware Tunnel app to send traffic through the tunnel, block all traffic to specified domains, bypass the internal network straight to the Internet, or send traffic to an HTTPS proxy site. The device traffic rules are created and ranked to give an order of execution. Every time a specified app is opened, the VMware Tunnel app checks the list of rules to determine which rule applies to the situation. If no set rules match the situation, the VMware Tunnel app applies the default action. The default action, set for all applications except for Safari, applies to domains not mentioned in a rule. If no rules are specified, the default action applies to all domains. The device traffic rules created apply to all VPN VMware Tunnel profiles in the organization group the rules are created in.
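The ranked evaluation described above can be modelled offline to review a rule set before publishing it. The following Python sketch is an added example, not VMware code: it assumes first-match-wins ordering by rank, "*"-only wildcard matching, and the action labels BLOCK, BYPASS and PROXY (only TUNNEL appears in the console steps on this page). The rule set is constructed sample data.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    rank: int             # lower rank is checked first
    app: str              # application the rule is assigned to
    action: str           # TUNNEL is from the page; other labels are assumed
    destinations: tuple   # hostname patterns such as "*.corp.local"

def matches(pattern, host):
    # Assumed semantics: "*" wildcard only, case-insensitive, so "*.corp.local"
    # does not match the bare name "corp.local".
    return fnmatchcase(host.lower().rstrip("."), pattern.lower())

def evaluate(rules, app, host, default_action):
    """Return (action, rank) of the first matching rule, else (default_action, None)."""
    for rule in sorted(rules, key=lambda r: r.rank):
        if rule.app == app and any(matches(p, host) for p in rule.destinations):
            return rule.action, rule.rank
    return default_action, None

def shadowed(rules):
    """Ranks of rules that can never apply because every destination is
    already covered by an earlier-ranked rule for the same app."""
    ordered = sorted(rules, key=lambda r: r.rank)
    dead = []
    for i, rule in enumerate(ordered):
        earlier = [p for r in ordered[:i] if r.app == rule.app for p in r.destinations]
        # With "*"-only patterns, A covers B when A matches B read as a literal string.
        if all(any(matches(a, b) for a in earlier) for b in rule.destinations):
            dead.append(rule.rank)
    return dead

# Constructed sample rule set (not exported from a real console).
RULES = [
    Rule(1, "Safari-iOS", "TUNNEL", ("*.corp.local",)),
    Rule(2, "Safari-iOS", "BLOCK", ("*.local",)),
    Rule(3, "Safari-iOS", "PROXY", ("build.corp.local",)),
]

if __name__ == "__main__":
    for host in ("wiki.corp.local", "corp.local", "printer.local", "example.com"):
        print(host, evaluate(RULES, "Safari-iOS", host, "BYPASS"))
    print("never reached:", shadowed(RULES))
```

In this sample the rank 3 rule is reported as unreachable because rank 1 already covers its destination, and the bare name corp.local falls through to the rank 2 rule rather than the tunnel.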
Server traffic rules enable you to manage the network traffic when you have third-party proxies configured in your network. These rules apply to traffic originating from the VMware Tunnel. The rules force the VMware Tunnel to send traffic for specified destinations to either use the proxy or bypass it.
1. Accessing Tunnel Traffic Rules
Return to the Tunnel Configuration page in the Workspace ONE UEM Console where you left off.
NOTE: If you navigated away from the Tunnel Configuration page, you can return by going to Groups & Settings > All Settings > System > Enterprise Integration > VMware Tunnel.
- Scroll down to the Traffic Rules section.
- Click EDIT under Device Traffic Rules.
2. Defining Device Traffic Rules
In this step you create a rule that applies only to Safari: any request to *.corp.local is sent through the VMware Tunnel, and everything else is not.
- Click Add Device Traffic Rule
- Click the dropdown arrow under the Application section
- Select the Safari-iOS application
- Leave the Action as TUNNEL
- Enter *.corp.local in the Destination field
- Click Save And Publish
A message confirming that the Device Traffic Rules were published will show up in the console.