Applies To:Show Versions
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
What are app tunnels?
An app tunnel (application tunnel) provides secure, application-level TCP/IP connections from the client to the network. App tunnels are particularly useful for users with limited privileges who attempt to access particular web applications, as app tunnels do not require that the user has administrative privileges to install.
Additionally, optimization is available for app tunnels. With compression settings for app tunnels, you can specify the available compression codecs for client-to-server connections. The server compares the available compression types configured with the available compression types on the server, and chooses the most effective mutual compression setting. You configure compression for the server in the connectivity profile.
Task summary for app tunnels
To set up this configuration, perform the procedures in the task list.
Configuring an app tunnel object
- On the Main tab, click The App Tunnels screen opens. .
- Click Create. The New App Tunnel Resource screen opens.
- Type a name and description for your app tunnel.
- Although an ACL is automatically created for your application object, you can choose to determine the order of your ACL as it appears in the ACL list. Use the ACL Order list to select the placement you want.
- Under Default Customization Settings, type a Caption for the app tunnel. This caption identifies the app tunnel and enables it to appear on a full webtop.
- Click Create.
Configuring an application resource item for an app tunnel
- On the Main tab, click The list of app tunnels opens. .
- Click the name of the app tunnel you created. The Properties screen opens.
- Under Resource Items, click Add. The New Resource Item screen opens.
- For the Destination setting, specify whether the application destination Type is a host or an IP address. You cannot use the fully qualified domain name to connect to an application resource that is configured with an IP address destination type. If you specify a hostname, make sure that it is DNS-resolvable. After the application tunnel is assigned to a full webtop in an access policy, the application tunnel does not appear on the full webtop if the hostname is not DNS-resolvable.
- Specify your port or port range for the application.
From the Application Protocol list, select the application
Option Description None Specifies that the app tunnel resource uses neither RPC or FTP protocols. Microsoft RPC Specifies that the resource uses the Microsoft RPC protocol. Microsoft Exchange RPC Server Specifies that the resource uses the Microsoft Exchange RPC Server protocol. FTP Specifies that the resource uses FTP protocol.
- For the Application Path setting, optionally specify a path for an application to start after the application access tunnel is established.
For the Parameters setting, specify any parameters associated with
the application that starts with the Application Path. The parameters
you can add are:
- %host% - This is substituted with the loopback host address, for example http://%host%/application/.
- %port% - The loopback port. Use this if the original local port has changed due to conflicts with other software.
- Click Finished. The resource appears in the app tunnel object.
Configuring an access policy to include an app tunnel
- On the Main tab, click The Access Profiles List screen opens. .
- Click the name of the access profile for which you want to edit the access policy. The properties screen opens for the profile you want to edit.
- On the menu bar, click Access Policy. The Access Policy screen opens.
- Click Edit Access Policy for Profile profile_name. The visual policy editor opens the access policy in a separate screen.
Click the (+) icon anywhere in the access policy to add
a new action item.
Note: Only an applicable subset of access policy items is available for selection in the visual policy editor for any access profile type.A popup screen opens, listing predefined actions on tabs such as General Purpose, Authentication, and so on.
- On the Assignment tab, select the Resource Assign agent, and click Add Item. The Resource Assignment screen opens.
- Next to the App Tunnel setting, click the Add/Delete link, and select the application tunnel to assign.
- Click Update.
- Click the Save button to save changes to the access policy item.
Attaching an access policy to the virtual server for app tunnels
- On the Main tab, click The Virtual Server List screen opens. .
- Click the name of the virtual server you want to modify.
- In the Destination Address field, type the IP address for a host virtual server. This field accepts an address in CIDR format (IP address/prefix). However, when you type the complete IP address for a host, you do not need to type a prefix after the address.
- From the HTTP Profile list, select http.
- In the Access Policy area, from the Access Profile list, select the access profile that you configured earlier.
- If you are using a connectivity profile, from the Connectivity Profile list, select the connectivity profile.
- If you are creating a virtual server to use with portal access resources in addition to app tunnels, from the Rewrite Profile list, select the default rewrite profile, or another rewrite profile you created.
- If you want to provide connections to Java RDP clients for application access, allow Java rewriting for portal access, or support a per-app VPN connection that is configured on a mobile device, select the Application Tunnels (Java & Per-App VPN) check box. You must enable this setting to make socket connections from a patched Java applet. If your applet doesn't require socket connections, or only uses HTTP to request resources, this setting is not required.
- If you want to provide native integration with an OAM server for authentication and authorization, select the OAM Support check box. You must have an OAM server configured in order to enable OAM support.
- Click Update.