This tunneling option allows you to route this connection to another host/port, and useful for those situations. The field can either take "HOST:PORT", ":PORT", or "HOST:". In the first format, JNLP slave agent will connect to the given TCP port on the given host, and assume that you've configured your network so that this port forwards the connection to Hudson's JNLP slave TCP port.
In the latter two formats, the default host name and port number (that is, the host name that Hudson runs, and the TCP port that Hudson opened) are used to augment the missing values. In particular the HOST: format is useful if the HTTP reverse proxy is used and Hudson actually runs on another system.