Qlik Community

Ask a Question

Knowledge Base

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Live chat with experts, bring your API Integration questions. June 15th, 10 AM ET. REGISTER TODAY

App Based VPN Solution (AirWatch / MobileIron and more) with Qlik Sense

Digital Support
Digital Support

App Based VPN Solution (AirWatch / MobileIron and more) with Qlik Sense

Connectivity to the Qlik Sense Hub using a Per App VPN has been positively validated with iOS 13.5 (May 2020). However older releases of iOS 13 do not support Qlik Sense Mobile together with Per App VPN.

When using a Per-App VPN on an IOS device with older iOS versions, only a white screen or app rain is presented when trying to access a Qlik Sense application. This does not affect users on Android devices.

  1. Known iOS issues in iOS 10, early iOS 11 affected modern web browsers, and all Airwatch/MobileIron managed web browsers. As Qlik Sense requires websockets communication (a HTML 5 standard) between web client and Qlik Sense web server, communication on those iOS versions could not be guaranteed. 
  2. Furthermore iOS 13.0 (Sept 2019) broke “Split Tunneling” capabilities that Qlik Sense Mobile requires for Per App VPN connectivity to on-premise instances of Qlik Sense Enterprise. This prevented Qlik Sense Mobile from working properly with MobileIron, PaloAlto GlobalProtect, AirWatch and other Enterprise Mobility Management (EMM) suites.


Opening Hub bubbles.png



We recommend that Qlik customers configure their EMM to disable automatic upgrades to iOS 14.0 (when available) until it has been confirmed that Apple continues to support the required connectivity.

Browser connectivity from iOS devices to Qlik Sense Enterprise requires that the browser utilizes Apple’s WKWebView rendering engine. The older (now deprecated) UIWebView engine does not support Qlik’s stylesheets satisfactorily, and may not route websocket traffic correctly (for example, Citrix Secure Web v20.5 uses UIWebView and does not support Websocket Connectivity to on-premise instances of Qlik Sense Enterprise even though the corresponding Netscaler Appliance does).

Other network infrastructure between the browser and the Qlik Sense Hub must support long-duration HTML5 Websocket connections. This can be validated by uploading QlikSenseWebsocketTest.html from https://github.com/flautrup/QlikSenseWebsocketConnectivityTester into the Qlik Sense Content Library, and accessing it with a browser. Output should resemble https://sense-demo.qlik.com/content/default/QlikSenseWebsocketTest.html

It may be necessary to enable a KeepAlive feature in the Qlik Sense Proxy, to prevent Network Infrastructure from prematurely terminating apparently idle websocket connections. Such terminations cause a “Lost Connection” message to be displayed to the User, and they have to refresh the browser (losing their Current Selections) to proceed with their analysis.

Qlik Sense Mobile uses TCP communication between components within the app, and the VPN Client must be configured with “Split Tunneling” to ignore traffic otherwise Qlik Sense Mobile will display a blank screen or a networking error message. Properly configured AirWatch and MobileIron environments do now (since iOS 13.4) support connectivity to Qlik Sense Enterprise.

Labels (1)
Version history
Revision #:
2 of 2
Last update:
‎2021-05-07 10:23 AM
Updated by: