How to perform tunneling with the iOS SDK

Note: For this documentation, we are using iOS SDK version 5.4.1. 

The purpose of app tunneling is to redirect the traffic in your application through a specific gateway to access internal resources in your organization. This is possible through the use of the AirWatch Mobile Access Gateway (MAG), an F5 or a standard proxy.



Due to platform and other technical limitations, only network traffic made from certain network classes can tunnel. Here are some notes regarding the supported classes and known limitations:

NSURLConnection - Calls made using NSURLConnection tunnel with one exception that calls made synchronously on the main thread do not tunnel.

NSURLSession – Calls made using NSURLSession tunnel only on iOS 8 devices and depend on the configuration used. Default and ephemeral configuration types tunnel; however, background configuration types do not tunnel.

CFNetwork – Most calls made using CFNetwork tunnel; however, CFSocketStream does not tunnel.

URLs containing .local – Requests with URLs containing .local do not tunnel. Various Apple services on the device utilize this .local string pattern, so the SDK does not attempt to tunnel these requests through the Mobile Access Gateway (MAG) in order to avoid interfering with these services.


Implementation in Xcode

You do not need additional code to utilize the app tunnel in your application aside from the SDK initialization code.

In order to activate app tunneling, make sure this app has an SDK profile assigned to it in the AirWatch Admin Console and that the profile has App Tunneling enabled with a proper proxy configuration. When you call start in AWController, it reads the SDK profile assigned to your application and determines if it needs to start the traffic redirection service for your application.

Once you receive the initialCheckDoneWithError callback from the AWSDKDelegate, check to see if the error object is nil or not. 

Have more questions? Submit a request


Article is closed for comments.