Configuring Email+ with AppTunnel for Android AppConnect

Configure Email+ with AppTunnel to setup access to Exchange server through Exchange Web Services (EWS) protocol and to support Email+ configuration when VPN access is required.

Before you begin 

Configure Email+ AppConnect

The following steps describe how to configure AppTunnel with Standalone Sentry.


  1. In the Ivanti EPMM Admin Portal, go to Services > Sentry > Add New > Standalone Sentry.

  2. In the New Standalone Sentry window, enter the Sentry Hostname / IP.

  3. Select the Enable AppTunnel checkbox, and deselect Enable ActiveSync .

    If Enable AppTunnel is enabled, other Sentry services such as Kerberos Proxy and Email+ Notification Service are disabled.

  4. In the Device Authentication Configuration section:

    • Select Identity Certificate from the drop-down menu.

    • Upload Local CA to the Trusted Root Certificate Upload field.

  5. In the AppTunnel Configuration section, add <TCP_ANY> as AppTunnel service in Services.
  6. Go to Policies & Configs > Add New > Certificate Enrolment > Local. As Local CAs select Local CA uploaded to Sentry.

Configuring AppTunnel rules for Email+

The following steps describe how to configure AppTunnel rules for Email+.


  1. In the Admin Portal, go to Policies & Configs > Configurations.

  2. Select the Email+ configuration and click Edit.

  3. In the AppTunnel Rules section, create new rules as follows:

    Item Description
    AppTunnel Rules
    Sentry Select the Standalone Sentry that you want to tunnel the URLs listed in this AppTunnel entry. The drop-down list contains all Standalone Sentrys that are configured to support AppTunnel.
    Service Select a Service Name from the drop-down list. This service name specifies an AppTunnel service configured in the App Tunneling Configuration section of the specified Sentry.

    URL Wildcard

    Enter one of the following:

    • A content server’s hostname


    • A hostname with wildcards. The wildcard character is

    Example: *

    If you want finer granularity regarding what requests the Standalone Sentry tunnels, configure multiple AppTunnel rows.


    Enter the port number that Email+ requests to access.

    App data is tunneled only if the app’s request matches the hostname in the URL Wildcard field and this port number.

    If a port number is not configured, for http and https traffic, the default port is used. The default port used for http is 80 and the default port used for https is 443.

  4. In the AppTunnel Rules section, go to Identity Certificate and select the certificate that you configured in Step 6 from the drop-down menu.

    After configuring and successfully connecting the Email+ app with AppTunnel, the Tunnel record appears in Apps > App Tunnels.

    For more information on configuring Standalone Sentry for AppTunnel, see Standalone Sentry for AppTunnel section in the Ivanti Sentry Guide for Ivanti EPMM