Creating Ivanti Tunnel VPN configuration for Samsung Knox Workspace (Ivanti EPMM)

The Ivanti Tunnel (Samsung Knox Workspace) VPN configuration determines, DNS, and app behavior.

Before you begin

Enable Standalone Sentry for AppTunnel.
Set up Standalone Sentry to use identity certificates for device authentication.
Create a certificates enrollment setting in Ivanti EPMM. The identity certificate generated must be trusted by the certificate chain in the certificate you uploaded to Standalone Sentry for device authentication.

Procedure

Configure the following:

Item	Description
Connection Type	Select Tunnel (Samsung Knox Workspace)
Sentry	Select the Standalone Sentry on which you have enabled AppTunnel.
Identity Certificate	Select the Certificate Enrollment setting you created for Sentry setup for AppTunnel.
VPN Chaining	Disable: Default. Inner: Select to enable VPN chaining.
VPN on Demand	Select the check box to enable VPN on demand. If unchecked, the VPN connection is always on.

Routes List is not supported in the Samsung Knox Workspace. Routes configured here will be ignored.
In DNS Resolver IPs, configure the list of DNS for Tunnel.
Each entry is separated by ‘;’. IPv4 only.
The DNS configured here are different from the DNS for the original Wi-Fi or cellular connection. If needed, the administrator should set the appropriate routes to ensure that DNS routes the requests to the appropriate destination.
In DNS Search Domain List, enter a list of search domains for DNS resolver separated by a semicolon (;).
In Custom Data, add key-value pairs to configure the app.
Click Finish.
Apply the appropriate label to the app to distribute it to Samsung Knox devices.

Next steps

To distribute the app through the app storefront, go to Distributing Ivanti Tunnel through Apps@Work.