Limitations

These are cumulative release notes. If a release does not appear on this section, then there were no associated limitations.

  • 1556174: If an IP is present in both the ExcludeRoutes and also corresponds to a FQDN in the FqdnAllowedList, the traffic is still routed via Sentry in Sentry-only mode.

  • 1556165: Pages do not load for URLs that are part of the FqdnAllowedList when accessed using an app that is not included in the AllowedAppList, in Sentry + MTD mode.

  • 1424592: When app restriction enableOpenssl is enabled, a handshake failed error is displayed in Ivanti Tunnel for Samsung S9/9.0 and Samsung S8/8.0 devices.
    Workaround: Create a new configuration for Ivanti Tunnel for the devices that are having the issue and disable the enableOpenssl app restriction.
  • TA-1512: URLs are not working when MTD is disabled and private DNS is enabled.
  • TA-1488: Some URLs are not being blocked as expected, when added to the Access Control List (ACL).
  • TA-1476: After Ivanti Tunnel with MTD is installed, the blocking of phishing websites can take between 5 and 20 minutes to become active.
    Workaround: Toggle the Ivanti Tunnel VPN off and back on to start anti-phishing working immediately.
  • TA-1462: When Ivanti Tunnel is configured for MTD only (without Sentry or Access), blocked phishing URL notifications sometimes do not display as expected.
  • TA-1449: On devices with Android 12, Ivanti Tunnel requests to approve the VPN connection after editing the Android Enterprise configuration to uncheck 'Always-on VPN' option.
  • TA-1384: Phishing enablement state is incorrectly shown as "Phishing not enabled" after registering first time with Zimperium.
    Workaround: Ivanti Tunnel turn OFF and ON resolves this issue.
  • TA-1403: When first enabled, in some cases, phishing URLs are not blocked on newly registered devices for several hours.
  • TA-1384: Phishing enablement state is incorrectly shown as Inactive. Restarting Tunnel resolves this issue.
  • TA-1376: In a MobileIron Threat Defense deployment, if the certificate is missing, the user interface (UI) for selecting the Tunnel certificate flickers.
  • TA-1294: Registering with the Threat Management Console for the first time takes very long.