Secure Microtunnel

The Secure Microtunnel policy establishes secure IPsec tunnels for individual mobile apps, securing the device's data in transit. Only the secured app has access to the connection, preventing rogue or malicious apps from accessing or performing reconnaissance on corporate networks.

Note: A mobile user on an IPv6 network can establish a secure microtunnel to the Blue Cedar Gateway if the IPv6 network includes a NAT64 gateway connection to the gateway.

The Mobile User Experience

The first time users launch an app that requires a secure connection, they are asked to enter their credentials, and they see any acceptable use policy that has been configured on the gateway. 

The Secure Microtunnel policy also includes several checks and settings that may affect the mobile user experience: 

• Offline mode: If the app cannot connect or loses its connection, the user may be able to continue using the app offline, or the app may terminate, depending on the offline mode setting and whether the app has successfully enrolled. (Configured in the Secure Microtunnel profile. See Offline mode behavior.)
• Multiple auth-groups: Users who are not part of an authorized auth-group see an "unable to connect" error. For more information about setting the auth-group, see the Secure Microtunnel profile details and "Configuring AAA" in the Gateway IT Administrator's Guide. 

Offline mode behavior

You can set offline mode within the Secure Microtunnel policy to allow end users to access corporate apps even without being connected. Users may be in an environment with no cell or wi-fi coverage or may need to be in airplane mode. If offline mode is not enabled, users cannot access a secured app when there is no connection to the corporate servers.

When offline mode is disabled, the app behaves like this:

When offline mode is enabled: