When a Mobile Connect user removes authorization of an app, the application no longer remains a
VPN-controlled app. Any further access through the app behaves like the app was never in the App. Checking or
unchecking an app takes effect immediately. There is no need to disconnect and reconnect Mobile Connect.
When using Application Access Control can a user continue to access network resources or personal web sites
with an application approved for use if the user removes authorization of the application?
For example, while a user is accessing a corporate resource with Chrome (an application approved for use) the
following steps occur in this instance:
When Chrome is checked, Chrome can send traffic over the corporate network.
When Chrome is unchecked, the client guarantees that none of the user’s traffic is sent via the tunnel to the corporate network.
Whether Chrome is checked or unchecked, if the user navigates to a location not on the corporate network that traffic flows out the user’s normal network interface. Traffic to/from a location not on the corporate network never uses the tunnel. That is, SMA always uses Split Tunnel and never redirects all when using Application Access Control.
Traffic to destinations inside the corporate network that the user has been granted access to will be
either delivered to the tunnel if the app is checked or dropped if the app is unchecked. Traffic to
destinations inside the corporate network will never flow out the normal interface of the user’s device.
The checkbox only controls if the traffic is dropped on the floor or sent down the tunnel, it does not have
the ability to determine where the traffic will flow. That kind of dynamic routing is not something we can
support with the current client interfaces.
It is not strictly true that applications under control are not affected by the VPN. If the Mobile Connect client is
running and connected to the server, all traffic bound for IP addresses on the corporate network from ANY
application (even those not listed) is captured. Traffic not from a listed application is dropped. This is important
if there are IP address collisions, those same issues can occur with Application Access Control and will affect all
applications on the user's device whether they are under control or not under control.
Was This Article Helpful?
Help us to improve our support portal