VPN with WS1 Tunnel


Now we'll begin to enter the world of Secure Access.

Here are a few important notes on the benefits of Workspace ONE Tunnel.

  • Workspace ONE Tunnel enables secure access for all workers and devices working anywhere with an internet connection outside the office.
  • Users have a 'no-touch' Tunnel experience. Its setup and configuration are 100% managed by Workspace ONE UEM.
  • IT organizations can take a least-privilege approach to enterprise access, ensuring only managed devices, defined apps, and domains have access to the internal network.
  • Zero Trust goals can be reached by combining explicit definitions for managed applications and integration with the Workspace ONE compliance engine. 

VMware Tunnel Provisioning

The VMware Tunnel's Device Traffic Rules are configured in Workspace ONE UEM. This section is provided for your information.

Workspace ONE UEM has automatically pushed the Workspace ONE Tunnel app, the Tunnel app's device profile, and Google Chrome to your device.

Workspace ONE UEM manages Chrome as the per-app Tunnel app.

Workspace ONE UEM also manages the VMware Tunnel's fundamental configurations, which establish connectivity and trust within an organization's environment. Inside UEM's system settings area are the Device Traffic Rules (DTRs). These DTRs are elemental to the Workspace ONE Tunnel app's configuration.

Tunnel to Intranet

On the device, launch Chrome and navigate to the below site or use the Hub's Intranet web app.


Next, on the device, try to go to the same site using an unmanaged browser (e.g., Microsoft Edge). Since Edge is not configured as a managed Workspace ONE Tunnel app, Edge has no access to the internal site.

Launch the Workspace ONE Tunnel app to see its configuration which displays its connected state, managed domains (i.e., domains accessible via the Tunnel), and blocked domains.

Blocked Domains

In Chrome, attempt to load one of the blocked domains. The connection will be refused by the Workspace ONE Tunnel.   
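
The behaviour seen in the steps above (managed app tunneled, unmanaged app left outside the tunnel, blocked domain refused) can be modelled as a first-match rule list. This is an added example, not Workspace ONE code or its configuration schema; the app names, domains, default action and function names are constructed assumptions.

```python
from dataclasses import dataclass

TUNNEL, BLOCK, BYPASS, NO_TUNNEL = "TUNNEL", "BLOCK", "BYPASS", "NO_TUNNEL"

@dataclass(frozen=True)
class Rule:
    pattern: str   # exact hostname or "*.suffix" wildcard
    action: str    # TUNNEL, BLOCK or BYPASS

# Constructed sample policy (assumption): names and domains are placeholders.
MANAGED_APPS = frozenset({"chrome"})
RULES = (
    Rule("blocked.example", BLOCK),
    Rule("legacy.corp.example", BLOCK),   # must precede the wildcard below
    Rule("*.corp.example", TUNNEL),
)

def host_matches(pattern: str, host: str) -> bool:
    """Compare whole DNS labels; a plain substring or suffix test would
    let 'notcorp.example' match a rule meant for 'corp.example'."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]              # ".corp.example"
        return host.endswith(suffix) and host != suffix
    return host == pattern

def decide(app: str, host: str, rules=RULES, managed=MANAGED_APPS,
           default: str = BYPASS) -> str:
    """First matching rule wins; unmanaged apps never reach the tunnel."""
    if app not in managed:
        return NO_TUNNEL
    for rule in rules:
        if host_matches(rule.pattern, host):
            return rule.action
    return default

if __name__ == "__main__":
    for app, host in [("chrome", "intranet.corp.example"),
                      ("edge", "intranet.corp.example"),
                      ("chrome", "blocked.example"),
                      ("chrome", "legacy.corp.example"),
                      ("chrome", "notcorp.example")]:
        print(f"{app:7} {host:24} -> {decide(app, host)}")
```

When reviewing a real rule set, the two things this model makes visible are rule order (a specific block placed after a broad wildcard never fires) and label-boundary matching of domain patterns.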

Video hosted on Intranet

Next, play the VMware SASE video from the intranet site. The video is hosted on the internal server inside the demo organization. Note the high performance and no observable lag.
