Support for anti-phishing with Mobile Threat Defense

Ivanti Tunnel VPN supports anti-phishing with a Mobile Threat Defense (MTD) setup that is enabled for anti-phishing.

You must have the following set up:

• On the Threat Management Console, an Anti-phishing policy.

• On a Unified Endpoint Management (UEM) platform, an anti-phishing policy with the Use VPN to analyze malicious URLs option selected.

• On the UEM, add Ivanti Tunnel for distribution to devices.

• Anti-phishing support is provided with Ivanti Tunnel for Android native and Android Enterprise. Samsung Knox is not supported.

• Anti-phishing checks are not applied to Sentry and Access traffic.

• Enable the Phishing Local Classifier and Remote classifier flags in the group on the Mobile Threat Management Console. Otherwise, the detection of phishing URLs is inconsistent across different types of Android devices.

For information about setting up anti-phishing with Threat Defense, see "Advanced phishing protection for managed devices" in the Mobile Threat Defense Solution Guide for Ivanti Neurons for MDM or Ivanti Threat Defense Solution Guide for Ivanti EPMM.

Ivanti Neurons for MDM deployments — See the following:

• Adding and configuring the Ivanti Tunnel app for Android native (Ivanti Neurons for MDM)

• Adding and configuring the Ivanti Tunnel app for Android Enterprise(Ivanti Neurons for MDM)

Ivanti EPMM deployments — See the following:

• Distributing through the app storefront (Ivanti EPMM)

• Adding and configuring the Ivanti Tunnel for Android Enterprise (Ivanti EPMM)

Ivanti Tunnel for Android native

No additional Tunnel configurations are required for supporting anti-phishing. However, make sure to add the Ivanti Tunnel app to UEM and distribute the app to devices.

A default Ivanti Tunnel VPN configuration that supports anti-phishing is automatically available in the UEM. On Ivanti EPMM, the default Ivanti Tunnel configuration is available when you upgrade to Ivanti EPMM 11.0.0.0. If the option Use VPN to analyze malicious URLs is enabled in the anti-phishing policy on UEM, the default Ivanti Tunnel VPN configuration is automatically distributed to the devices to which the anti-phishing policy is distributed.

If you already have Ivanti Tunnel for Android native deployment using a custom Tunnel VPN configuration, the configuration is automatically updated to consume the MTD license and keys.

After initially deploying Ivanti Tunnel VPN to use for anti-phishing with Mobile Threat Defense, if you also want to deploy Ivanti Tunnel VPN to use with Access or Sentry, create a custom Tunnel configuration as described in one of the following sections. Use the link appropriate to your UEM:

• Configuration tasks overview for Ivanti Tunnel for Android native (Ivanti Neurons for MDM)

• Configuration tasks overview for Ivanti Tunnel for Android native (Ivanti EPMM)

The custom configuration automatically consumes the Threat Defense license and key and is also automatically distributed to devices applied to the Threat Defense label. The custom Tunnel configuration is replaces the default Tunnel configuration on devices.

Ivanti Tunnel for Android Enterprise

For Tunnel for Android Enterprise deployments, in addition to the anti-phishing policy configurations on the Threat Management Console and the UEM, do one of the following:

• For a new Tunnel for Android Enterprise deployment, select the Use Tunnel for Anti-phishing only option when configuring Tunnel for Android Enterprise on the UEM.

• If you already have a Tunnel for Android Enterprise deployment, in the Configuration Choices section of the Ivanti Tunnel configuration, add a new configuration and select Use Tunnel for Anti-phishing only.

See one of the following for information about configuring and distribution Tunnel for Android Enterprise. Use the link appropriate to your UEM:

• Configuration tasks overview for Android Enterprise (Ivanti Neurons for MDM)

• Configuration tasks overview for Android Enterprise (Ivanti EPMM)

Ivanti Tunnel deployment options for anti-phishing with MTD

You can deploy Tunnel VPN for anti-phishing with Mobile Thread Defense (MTD) only or in addition to Tunnel VPN with Sentry and Access. Any combination of the following Tunnel VPN deployments are supported:

• Data traffic to enterprise resources: This requires a Sentry deployment.

• Authentication traffic to enterprise cloud resources: This requires a Access deployment.

• Analyze phishing URLs: This requires an MTD deployment.

Anti-phishing checks are not applied to Sentry and Access traffic.

Ivanti Tunnel VPN and MTD deployment anti-phishing blocking behavior

The following table provides some Ivanti Tunnel VPN and MTD deployment scenarios and the corresponding anti-phishing blocking behavior.

Table 3.  ivanti tunnel vpn and mtd deployment scenarios and anti-phishing blocking behavior

Ivanti Tunnel VPN + MTD deployment scenario	Anti-phishing blocking behavior
Route is not configured in Tunnel configuration. The default route is 0.0.0.0/0.	All traffic is routed to Sentry. Phishing URLs are not blocked.
Route is configured in Tunnel configuration. For example, 10.0.0.0/8.	Traffic in the range 10.0.0.0/8 is routed to Sentry. Phishing URLs are not blocked for traffic going to Sentry. Phishing URLs for traffic that is not in the range 10.0.0.0/8 is blocked.
On Android Enterprise in Work Profile mode, in Tunnel configuration, Route is not configured. The default route is 0.0.0.0/0. A web browser is configured in the allowed app list. For example, Chrome. Another web browser is available in the container, but is not configured in the allowed or disallowed app list. For example, Firefox.	Phishing URLs from Chrome are not blocked. Phishing URLs from Firefox are blocked.