airwatch
5 Topics

APM: is VMware Workspace One supported as an Endpoint Management System?
Hello,

In the past, we added our on-premises Airwatch server in the Endpoint Management Systems list. We used this feature to check if the smartphones connecting to the VPN were properly enrolled. We used this feature only for a few users. We migrated to VMware Workspace One in SaaS mode but we forgot about this feature.

Is VMware Workspace One supported as an Endpoint Management System? Could F5 APM connect to WSO API? When adding our WSO instance as Airwatch, we got a "General configuration error".

Thank you
Thomas

38 Views, 0 likes, 3 Comments

iRule to restrict activesync traffic to particular IPs but allow all other Exchange traffic
Hi All,

I am currently working on an MDM project, in which we are moving to AirWatch to proxy all ActiveSync traffic. In order to force all users to use AirWatch for all ActiveSync, we need to be able to drop all ActiveSync traffic on our Exchange CAS pool. As we are currently on Exchange 2013, virtually all traffic goes via https_443, hence we need to be able to drop only ActiveSync traffic that is not coming from our two AirWatch servers but allow all other traffic (i.e. OWA, RPC, AutoDiscovery, etc.).

Below is a sample of code I have created to hopefully achieve this. Would this work? Any recommendations?

    when HTTP_REQUEST {
        log local0. "Client IP: [IP::client_addr]"
        log local0. "URI: [HTTP::uri]"
        # Lower-case the URI so the ActiveSync path match is case-insensitive,
        # then reject the request unless the client is one of the AirWatch SEG servers.
        if { [string tolower [HTTP::uri]] contains "/microsoft-server-activesync" and not ([class match [IP::client_addr] equals Airwatch_SEG_Servers]) } {
            log local0. "dropped connection"
            reject
        } else {
            # All other Exchange traffic (and ActiveSync from the SEG servers) goes to the pool
            pool EXCHANGE_2013_https_int_pool
        }
    }

I have a Data Group called Airwatch_SEG_Servers containing the IPs of my two AirWatch servers which will proxy the ActiveSync traffic.

Thanks in advance,
Monty

305 Views, 0 likes, 3 Comments

Airwatch Admin Console
I have a particular situation where the Airwatch admin may not use the Airwatch Admin Console for more than 5 minutes. When he returns and begins clicking around in the application it takes him back to a sign on screen. I have created a new TCP profile and changed the idle timeout to 1800 seconds, and they say they have changed it to that on the servers as well. But he continues to have the issue.

I did a Wireshark capture and it appears that at 4.5 minutes the client begins a FIN/ACK process, tearing down the connection. So, my assumption was that this was something set by a cookie or otherwise from the application. However, when they use a hostfile and point it directly at the server they do not have the timeout issue.

I am using source address persistence, my custom TCP profile, and the pool is in an active/passive situation by the request of the Airwatch SE. Any ideas on what could be the issue or further ways to troubleshoot?

Thanks
Jim

295 Views, 0 likes, 3 Comments

iOS and Android F5 Edge Client enrolled in MDM - prevent ability for manually created profiles
Hi all,

Hoping to get some help or advice.

I have a client who we are setting up in AirWatch and deploying F5 VPN Edge Client to devices (Android and iOS). Authentication with F5 APM is via user certificate, issued from NDES server via AirWatch. We have configured for per-app VPN use.

Once the device is enrolled and the VPN policy installed on the device, we have found that it is possible for an end user to create an additional profile in the client, using the same certificate that was issued via AirWatch, thus enabling an end user to create a secondary profile and then have the whole device VPN into their infrastructure. We would like to prevent this from happening - the ability for the whole device to VPN into their infrastructure.

Is there a way to either:
- Prevent the end user from creating their own profiles in F5 Edge Client
- Prevent the end user, when creating their own profiles, from creating an additional profile using the certificate in the configured profile
- Prevent the whole device from VPN'ing into infrastructure and only accept per-app VPN connections

Or am I going about this completely the wrong way?

Thanking the community in advance.

Cheers,
Tina.

232 Views, 0 likes, 1 Comment

How to setup F5 LTM to allow powershell commands through VIP to exchange servers for Airwatch
We have recently purchased F5 LTM to load balance MS Exchange 2010. Used iApp to set it up and it works great. Now we are looking to deploy Airwatch for mobile devices, and Airwatch needs to use PowerShell to talk to the Exchange servers. I have been searching high and low and don't seem to see what I need to configure for PowerShell through the VIP. We are using the same URL structure as the email VIP, for example https://exch01.com/owa (works), https://excho1.com/powershell (doesn't work).

Any tips, tricks, or config help would be greatly appreciated. Thanks!!

646 Views, 0 likes, 3 Comments