AppTunnel with HTTP/S tunneling

Using Ivanti’s AppTunnel feature, a secure enterprise app can securely tunnel HTTP and HTTPS network connections from the app to servers behind a company’s firewall. A Standalone Sentry is necessary to support AppTunnel with HTTP/S tunneling. The server administrator handles all HTTP/S tunneling configuration on the server Admin Portal. Once configured, the AppConnect app wrapper, the client app, the Secure Apps Manager, and a Standalone Sentry handle tunneling for the app.

Supported APIs

An AppConnect app can use HTTP/HTTPS tunneling only if the app accesses the enterprise server using one of the following APIs:

  • Android HttpClient
  • DefaultHTTPClient, using the standard Apache HttpClient library with the org.apache.http.package name

HTTP/S tunneling is not supported with non-standard libraries such as the Apache HttpClient library repackaged under the ch.boye.httpclientandroidlib package.

  • OkHttpClient version 2.5 or less when using Generation 1 wrapping
    • Generation 1 wrapping replaces all OkHttp classes with wrapped OKHttp version 2.5 classes. Therefore, the app can have issues if it uses any OkHttp classes or methods in versions newer than 2.5.
    • Generation 2 wrapping does not support HTTP/HTTPS tunneling with any version of OKHttp. However, you can use AppTunnel with TCP tunneling when using Generation 2 wrapping.
  • ModernHTTPClient in apps built with the Xamarin development platform

Use these APIs as you normally would. Whether the server administrator has configured tunneling for the app does not impact how you use these APIs.

AppTunnel with HTTP/S tunneling is not supported for Cordova or React Native apps, because these apps do not use the supported networking APIs.

Inform the server administrator that your app requires AppTunnel with HTTP/S tunneling, including information about the enterprise server that it accesses. The administrator requires this information to correctly configure AppTunnel on the server for your app.

AppTunnel with TCP tunneling

HTTP/S redirects

If a server redirects an HTTP/S request (tunneled or not) to another URL, if the URL matches an AppTunnel rule, the request is tunneled only if the wrapped app uses the class DefaultHTTPClient.

If the app uses other APIs that support HTTP/S tunneling, redirected requests are not tunneled.

HelloAppTunnel sample app

A sample app called HelloAppTunnel demonstrates using each of the APIs in Supported APIs.

Sample apps, tester app, and Cordova plugin