Ivanti Tunnel for Android native configuration field description

The following table provides field descriptions for the Ivanti Tunnel configuration. There are some variations in field names between Ivanti EPMM and Ivanti Neurons for MDM.

Table 6.   Tunnel configuration field description

Item

Description

Name

Enter a name for the Tunnel VPN profile.

Description

Enter a description for the profile.

Connection Type
(Ivanti EPMM)

Select Tunnel (Android).

Only fields relevant to Tunnel for Android are displayed.

Choose OS to create Tunnel Configuration
(Ivanti Neurons for MDM)

Click Android.

Fields relevant to Tunnel for Android are displayed.

Enable Access
(Ivanti EPMM)

Select to enable authentication traffic through Access.

The option is available only if Access as a service is set up with Ivanti. For information about how to set up Access as a service with Ivanti EPMM, see the Access Guide.

Profile selection mode to use for this configuration
(Ivanti Neurons for MDM)

Select one of the following:

  • Sentry Profile Only: Select if Tunnel traffic goes only through Standalone Sentry.
  • Access Profile Only: Select if Tunnel traffic goes to Access. This option is available only if an Access as a service deployment is set up with Cloud.
  • Sentry + Access Profile: Select if Ivanti Tunnel VPN supports both traffic to Access for authentication to enterprise cloud resources and through Standalone Sentry to on-premise enterprise resources. This option is available only if an Access as a service deployment is set up with Ivanti Neurons for MDM.

Sentry (Profile)

Ivanti EPMM: Select the Standalone Sentry on which you created the IP_ANY tunnel service.

Cloud: Select the Standalone Sentry profile on which you created the Tunnel service for Android. The option is not available if the profile mode is Access Profile Only.

Sentry Service

(Ivanti Neurons for MDM)

Select the Tunnel service you created for Android. The option is not available if the profile mode is Access Profile Only.

Identity Certificate
(Ivanti EPMM)

Select the Certificate Enrollment setting you created for Sentry setup for AppTunnel.

Client Cert. Alias

(Ivanti Neurons for MDM)

Select the Identity Certificate configuration you created for Standalone Sentry setup.

If the profile mode is Access only or Sentry + Access, select the same certificate you select for SCEP Identity.

SCEP Identity

(Ivanti Neurons for MDM)

Select the Identity Certificate configuration you created for Ivanti Tunnel.

This field is applicable if the profile mode is Access only or Sentry + Access.

Debug Info Recipient

(Ivanti Neurons for MDM)

For Ivanti EPMM, the setting is configured using key-value pairs in Custom Data.

Enter a valid email address. The device debug logs are sent to the configured email address.

When users tap Email Debug Info, the To field is auto filled with the configured email address.

UI Notification Level

(Ivanti Neurons for MDM)

For Ivanti EPMM, the setting is configured using key-value pairs in Custom Data.

The user will see error notifications or all Tunnel related notifications, based on the level of notifications you configure.

  • Never show notifications: Notifications or errors are not displayed, except if an error occurs upon establishing Tunnel.
  • Error notifications only: Only errors notifications are displayed. This is the default setting if the key-value is configured.
  • All notifications: Error notifications and connect/disconnect confirmations are displayed.

There are no notifications to indicate that an app is blocked or allowed.

Debug Log

(Ivanti Neurons for MDM)

For Ivanti EPMM, the setting is configured using key-value pairs in Custom Data.

Select the log level. The client app can override the VPN profile.

Tunneled Applications

(Ivanti EPMM)

Select one, either Add Allowed Apps or Add Disallowed Apps, to configure the apps that can use Tunnel.

If you select an app from the app catalog, the package name is automatically added. Otherwise, enter the app name and the package name. If the list is empty, all apps are allowed through Tunnel VPN.

Add Allowed apps

Use this setting if you want only the listed apps to use Tunnel VPN.

Only apps in the App Catalog can be added to the app list.

This setting creates a whitelist.

For Cloud,

  • enter a semicolon (;) separated list.
  • if Allowed Apps List is configured, the Disallowed Apps List setting is grayed out and vice versa.

Add Disallowed apps

Use this setting if you do not want the listed apps to use Ivanti Tunnel VPN.

Only apps that are not listed will use Tunnel VPN.

This setting creates a blacklist.

For Cloud,

  • enter a semicolon (;) separated list.
  • if Allowed Apps List is configured, the Disallowed Apps List setting is grayed out and vice versa.

Routes List / Added Routes

Configure the network routes that are allowed through Ivanti Tunnel.

Use CIDR format. Each entry in the list is separated by ‘;’. IPv4 only.

This enables split tunneling where only specific traffic can be taken through Tunnel. The routes configured only impact apps that use Ivanti Tunnel.

Example: 10.0.0.0/8;101.210.48.9/32

In an Access deployment, if routes are not configured, then authentication traffic that is federated through Access goes to Access and all data-traffic goes to Sentry.
Ivanti recommends configuring a route list so that only traffic destined to on-premise enterprise resources goes through Standalone Sentry and all other data traffic goes directly to the destination.

DNS Resolver IP

Configure the list of DNS for Tunnel.

Each entry is separated by ‘;’. IPv4 only.

The DNS configured here are different from the DNS for the original Wi-Fi or cellular connection. If needed, the administrator should set the appropriate routes to ensure that DNS routes the requests to the appropriate destination.

Search Domain

Enter a list of search domains for DNS resolver separated by a semicolon (;)

Custom Data

Add key-value pairs to configure the app. See Custom data key-value pairs for Ivanti Tunnel for Android native and Samsung Knox Workspace for a description of the restrictions.