|
Item |
Description |
|||
|
AppTunnel Configuration |
||||
|
Services To add a new TCP AppTunnel service, click +. * For device authentication with Trusted Front-End, MobileIron supports only F5 servers as the trusted front-end server for TCP tunneling. |
||||
|
Service Name |
The TCP tunnel Service Name is used in the MobileIron Tunnel VPN configuration. Enter one of the following: •A unique name for the service that Safari domain or the app accesses. The name must begin with TCP. TCP is not case sensitive. Example: tcp-mail. The service name cannot contain these characters: 'space' \ ; * ? < > " |. •<TCP_ANY>. Select <TCP_ANY> to allow tunneling to any URL that the app or Safari browser requests. |
|||
|
Server Auth |
The Server Auth is always Pass Through. The Sentry passes through all TCP packets to the backend resource. |
|||
|
Server List |
Enter the backend resource’s host name or IP address (usually an internal host name or IP address). Include the port number on the backend resource that the Sentry can access. Example: resource1.companyname.com:443 Acceptable characters in a host name are letters, digits, and a hyphen. The name must begin with a letter or digit. You can enter multiple servers. The Sentry uses a round-robin distribution to load balance the servers. That is, it sets up the first tunnel with the first server, the next with the next server, and so on. Separate each server name with a semicolon. Example: resource1.companyname.com:443;
|
|||
|
TLS Enabled |
NA |
|||
|
Proxy Enabled/ATC |
Select if you want to direct the TCP Tunnel service traffic through the proxy server. You must also have configured Server-side Proxy or Advanced Traffic Control (ATC). |
|||
|
Server SPN List |
NA |
|||
Cross-realm Kerberos support
Support for cross-realm Kerberos on the Standalone Sentry is enabled by default, and does not require any actions from the administrator.
Cross-realm S4U2Self is supported.
Cross-realm S4U2Proxy is not supported.