Product Documentation

To add an Application Tunnel

Dec 21, 2015
  1. In the Device Manager web console, click the Policies tab and then under MDM Policies, click the device type for which you want to add an Application Tunnel (App Tunnel).
  2. Click Tunnels and then click New tunnel.
  3. In the Create a tunnel dialog box, in Name, enter the tunnel name. Citrix recommends the format Application_Name.
  4. Select the Remote Support check box if the tunnel will be used for the Remote Support application. If you select this option, some of the options in the dialog box become unavailable. To complete the remote support tunnel configuration, see To create a remote support App Tunnel.
  5. Under Connection configuration, in Connection initiated by, click Device if the connection is client-initiated or click Server if the connection is server-initiated. With the exception of Remote Support, App Tunnels are typically client-initiated.
  6. In Protocol, click Generic TCP or Active FTP as the tunnel protocol.
  7. In Max. connections per device, set the maximum connections, per device, per tunnel. (1 is recommended.)
  8. Optionally, set the connection timeout, in seconds. This option allows for App Tunnels to be closed cleanly, even if the app fails.
  9. Optionally, choose to use SSL encryption connection between the server running Device Manager and the desktop running the Remote Support application.
  10. Optionally, in Secure Connection, select the Use SSL connection check box to block the traffic through that tunnel when the devices are in a roaming situation.
  11. Under Application device parameters, click one of the following options to define the mobile application traffic redirection:
    • Through application settings. If you choose this option, you must set 127.0.0.1 in the application server field on the mobile device.
    • Using a local alias. The application on the mobile device will connect to the alias you enter; te alias will be resolved to localhost and intercepted by Device Manager Client Agent. An alias can be any name; for example: my_crm application, exchange server, and so on.
    • An IP address range. Specify a range of IP address targets for which the mobile application will try to connect to in order to make Device Manager to tunnel the connection. For example:
      • From: 0.0.0.0 to 255.255.255.255. In that case, all the traffic from the mobile device is redirected through Device Manager.
      • From: 88.10.10.10 to 88.10.10.10. In that case, only the traffic toward 88.10.10.10 is redirected through Device Manager.
  12. In Client port, enter the port used by the application on the mobile device. This option is required.
  13. In Application server parameters, enter the application IP address or server name, and the server port number. These options are required. In most cases, this is the same value as for Client port.
  14. Click Create.
    Note: To properly use an App Tunnel, you need to configure the device-based apps to connect to the Device Manager server rather than to their own server. Usually, 127.0.0.1 (localhost) is specified as the server address. However, some apps may not allow this type of configuration, or it may be preferable not to change the configuration of applications already deployed. In such cases, check the Specify a local alias box and enter the server's name. This name will be redirected automatically to 127.0.0.1 on the mobile devices.