Thanks for your reply. Yes I configured tunnel and the icon is green showing that its up and running. DNS is also configured with correct IPS. When i go on the tunnel diagnostics on the device it shows a dns of 127.0.0.53 which I have no idea where it came from.

Ok, but what you see under device traffic rules? Is all traffic bypass or tunnel ? Or specific app's configured to access VPN?

I have one rule - Action: Tunnel application: web-woekspace ONE Android and destination our proxy

Destination should be url of website what you would like to access not proxy. If I understood correctly then you have configured device to be able access only your proxy via workspace ONE web app.

OK so destination should be the actual internal URL? What about the logs on the tunnel. Why is it showing 127.0.0.53?

I changed the destination to the path we access the link internally, however the same issue.

Yes destination should be actual URL. About logs have no idea, could you say where did you find that DNS entry in logs? I will check there in our environment.

The logs I found them when i open the tunnel app and go to diagnostics

Strange, I don't see anything related to DNS there in diagnostics.

Thats because yours is working correctly

This is what shows on mine

Sorry previous post didnt have the screen shot

Any idea pls?

1) Is the VPN profile assigned to the application the App-Assignment? (The app should be visible in the tunnel client)

Yes its assigned to the web app

2) Is the default rule for Device Traffic Rules configured correctly in the WS1 Tunnel Configuration? (Action = Tunnel; For three destinations you should set BYPASS to prevent problems with some WorkspaceONE-Apps: *api.na1.region.data.vmwservices.com*,*discovery.awmdm.com*,*signing.awmdm.com*)

Not sure what you mean by this. My settings are at Tunnel. I added all the applications to be sure it works and then as for destination I entered the internal link we use to access our internal webapp. Is this correct?

3) Are the server traffic rules in the WS1 tunnel configuration correctly configured? (Should be "Bypass" for internal addresses and "Proxy" for external addresses)

Depends if the above is correct.

4) Which DNS servers are configured in the UAG settings? *

Our internal DNS Servers

5) Are you sure that the problem is not caused by the firewall?

It shouldn't be the case.

Really not sure why its not working here. Any help thrown this way would be greatly appreciated.

You can configure the Device Traffic Rules as shown in the screenshot. This config tunnels all apps with a VPN profile.

Specific apps or destinations only need to be specified if you want to control the traffic in detail.

For the server traffic rules you should only enter one rule for testing:

Destination: *

Action: BYPASS

If you do not have specific error messages (e.g. from the browser), we can only make guesses about the cause of the error.

You should also check out the dokumentation: Configure Network Traffic Rules for the Per-App Tunnel

Thanks for the reply. I did the below and the browser did load so thats a big improvement!

I now got an net::ERR_CONNECTION_TIMED_OUT error which is pointing to my identity provider (OKTA)

Anyone ever had this issue?

If we get an error message without any context to the configuration, nobody will be able to help you here.

If you used an FQDN, at least the name resolution works. However, your destination is not reachable. This may be due to missing firewall rules. (If you have a web service that is only accessible with 443tcp, it is recommended to write "https://" in front of the URL, so that no http-request on port 80tcp is triggered)