Tunnel VPN for Windows 10 field description

Use the following guidelines to configure Tunnel for Windows 10 VPN.

Table 2.  Tunnel (Windows) configuration field description

Item

Description

Name

Enter a name for the Tunnel for Windows VPN setting.

Description

Enter a description for the profile.

Connection Type

(Core)

Select Tunnel (Windows).

Only fields relevant to Tunnel are displayed.

Profile selection mode to use for this configuration
(Cloud)

Select one of the following:

Sentry Profile Only: Select if Tunnel traffic goes only through Standalone Sentry.

Access Profile Only: Select if Tunnel traffic goes to Access. This option is available only if an Access as a service deployment is set up.

Sentry (Profile)

Core: Select the Standalone Sentry on which you created the IP_ANY tunnel service for Windows 10 Desktop devices.

Cloud: Select the Standalone Sentry profile on which you created the Tunnel service for Windows.

Sentry Service

Core: Select the IP_ANY service that Tunnel for Windows will use.

Cloud: Select the Tunnel for Windows service.

SCEP Identity

(Cloud)

Select the Identity Certificate configuration you created for Tunnel.

This option is available only for Access Profile mode.

If Sentry Profile Only is selected, the Identity Certificate is automatically selected, and the option is disabled.

Debug Info Recipient

(Cloud)

For Core, the setting is configured using key-value pairs in Custom Data.

Enter a valid email address. The device debug logs are sent to the configured email address.

When users tap Email Debug Info, the To field is auto filled with the configured email address.

Identity Certificate

(Core)

Select the Certificate Enrollment setting you created.

Send All Traffic

(Core)

Not applicable to Windows 10 Desktop devices. Windows 10 Desktop devices will ignore this setting.

Windows Configuration (Core)

Always On

(Core)

Select to trigger Tunnel VPN when the user logs in to Windows 10 desktop.

Do not select if you want to restrict which apps trigger Tunnel VPN.

By default, Always On is not selected.

Secured Resources

(Core)

Not applicable to Windows 10.

Windows 10 will ignore this setting.

Define Tunnel App Settings (Cloud)

Standard Tunnel App Settings: Create app groups and define route for the group.

Always On

(Cloud)

Select to trigger Tunnel VPN when the user logs in to Windows 10 desktop.

Do not select if you want to restrict which apps trigger Tunnel VPN.

By default, Always On is enabled.

Disable Certificate Pinning

(Cloud)

Select to disable certificate pinning. By default, certificate pinning is enabled.

App Type

(Cloud)

Select one of the following:

PFN Equals

EXE Path Equals

App Identifier

(Cloud)

Depending on the App Type you selected, enter one of the following:

For PFN Equals, enter the package family name for Windows Store apps. Example: Microsoft.MicrosoftEdge_8wekyb3d8bbwe

For EXE Path Equals Enter the full path for legacy apps. Example: %PROGRAMFILES% (x86)\Google\Chrome\Application\chrome.exe

Traffic Filter

(Cloud)

If a filter is not configured, all traffic is sent through Tunnel.

DNS Domain

(Cloud)

(Optional) Enter the domain name for which traffic is sent through Tunnel.

Use this option if you need to resolve the domain name.

DNS Server IP

(Cloud)

Enter the IP address of the DNS to resolve the domain name entered in DNS Domain.

Custom Data (Core) / Advanced (Cloud)

Enter Key Value pairs to configure Tunnel behavior. You can use key-value pairs to control which apps trigger Tunnel, which traffic goes through Tunnel, idle session timeout, log levels, and viewing of debug diagnostic information.

For Cloud deployments, if your profile mode is Access only, select Advanced to configure key-value pairs so that Tunnel VPN traffic goes to Access.

The Advanced option in Cloud is not automatically available. Please contact Customer Support to enable the Advanced feature for your tenant.

See Key-value pairs for Access (Cloud).

See Key-value pairs for custom data.