VMware Workspace ONE Community
palphonso
Enthusiast
Enthusiast
‎09-11-2018 07:19 AM

Per-App VPN with F5 Access not starting when open an app

We created a Per-App VPN profile by the book. We configured a public application to use this profile.
When we open the app, the VPN connection is never triggered.
The app is configured to go to a URL specified in the safari domains of the VPN profile.

When we configure the VPN connection manually (with the same settings) in the F5 Access application, the VPN establishes properly and we can then connect to the URL within the app.

Does anyone have a clue how I can troubleshoot this. I'm starting to think the app doesn't understand that it needs to start a VPN tunnel.
Labels (1)
Labels
0 Kudos
5 Replies
admin
Immortal
Immortal
‎09-13-2018 09:03 PM

Just subscribing to this post as I have the exact same problem.   Happens for me with both iOS and Android using F5 Access.
0 Kudos
jarodyak
Contributor
Contributor
‎10-22-2018 10:56 AM

On the iOS device go to Settings>VPN>PER-APP VPN> tap ' i' .
Inside here make sure that ' Connect On Demand'  is Enabled.
The AW Profile setting is supposed to toggle this to Enabled but it's not working.  If you manually Enable this, VPN should now engage when you open the app you've attached it to.
0 Kudos
mponcin
Contributor
Contributor
‎04-09-2019 01:55 PM

Hi guys, any news about this? Im having the same problem, cannot start automatically the F5 vpn connection when opening an application with the tunneling configured for the VPN F5 profile.
0 Kudos
palphonso
Enthusiast
Enthusiast
‎04-17-2019 10:57 AM

We actually met with F5 and following the discussion we had, we decided to abandon the whole idea behind Per-App VPN. On Demand VPN worked fine but Per-App simply never worked for us and with F5 who decided to redo their application which caused a nightmare for us since we use certificates for authentications. We had to careful planned the migration from one app to the other to limit the impact on users are much as possible. AirWatch as mechanism in place to make sure it doesn't flood ADCS servers. So touching a profile that uses certificates causes a massive revoke of certificates and request new ones. This process take forever because of their mechanism to prevent flooding. Because of all these reason, we are actually looking at other solutions like PING or OTKA.
0 Kudos
Stansfield
Enthusiast
Enthusiast
‎04-17-2019 11:35 AM

Have you considered using the Airwatch tunnel per app vpn system?  It can use a CA internal to the AirWatch server
0 Kudos