Split Tunneling using Ivanti Tunnel

Due to Apple deprecation of support for UIWebView and the impact that has on AppConnect AppTunnel on iOS, there is a new option, Enable Split Tunneling using Tunnel in the AppTunnel configuration for Web@Work on unified endpoint management (UEM) platform.The UEM platforms are Ivanti Neurons for MDM or Ivanti EPMM

Before enabling the option in UEM, ensure that Tunnel is deployed and the Tunnel VPN configuration is applied to the Web@Work for which you are enabling the split tunneling option.

Enabling the split tunneling option allows the tunnel rules to be applied to Tunnel for Web@Work. The new feature is introduced due to the planned deprecation of the UIWebView API by Apple.

The Web@Work configuration for split tunneling overrides the Access configuration for split tunneling, this does not impact the other apps that use Access configuration.

In addition to Tunnel 4.1.0, the feature requires either one of the following:

  • Mobile@Work 12.3.0 and Ivanti EPMM 10.7.0.0.
  • Go 5.4.0 and Ivanti Neurons for MDM 70.

For information about configuring AppConnect App Configuration and AppTunnel configuration on Ivanti Neurons for MDM, see "Configuring AppConnect Apps" and "Configuring AppTunnel traffic rules" sections in the Ivanti Neurons for MDM Administrator Guide.

For information about configuring AppConnect App Configuration on Ivanti EPMM, see "AppConnect app configuration" in the Ivanti EPMM AppConnect and AppTunnel Guide.

The feature requires Mobile@Work 12.3.0 and Tunnel 4.1.0 for iOS. For information about the UIWebView API deprecation, see UIWebView Deprecation and AppConnect Compatibility.

Configuring split tunneling with Ivanti Tunnel (Ivanti EPMM)

This section describes the steps to configure split tunnel on Web@Work.

Before you begin 

  • Ensure that Sentry service is active. For more information, see Enabling split tunneling section in the Access Guide.
  • Ensure that Tunnel is deployed and a Tunnel VPN configuration is applied to the AppConnect app. For information about deploying Tunnel for iOS, see the Ivanti Tunnel for iOS Guide.

Adding Per App VPN to Ivanti Web@Work app

The following steps describe how to add Per App VPN to Web@Work configuration. Ensure that Per App VPN profile is already created.

Procedure 

  1. In the Admin Portal, go to Apps > App Catalog.
  2. Click Web@Work, click Edit.
  3. Under the Per App VPN Settings, select Per App VPN by Label Only checkbox.
  4. Select the VPN available in the list and click the right arrow.
  5. Click Save.

Editing Ivanti Web@Work Configuration

The following steps describe how to edit Web@Work configuration to enable Split Tunneling on Ivanti EPMM

Procedure 

  1. In the Admin Portal, go to Policies & Configs > Configurations.
  2. Select the check box for Web@Work configuration.
  3. Click Edit, in the Edit Web@Work Setting page, go to AppTunnel Rules.
  4. Under the AppTunnel Rules section, select the Enable Split Tunneling using Tunnel option.
  5. Click Save.

For information about configuring AppConnect App Configuration, see "AppConnect app configuration" in the AppConnect for Ivanti EPMM Guide and Ivanti Tunnel for iOS Guide.

For more information Creating Per App VPN or Tunnel VPN setting, see VPN settings in the Ivanti EPMM Device Management Guide for iOS and macOS Devices.

Configuring split tunneling with Ivanti Tunnel (Ivanti Neurons for MDM)

This section describes the steps to configure split tunnel on Web@Work for Ivanti Neurons for MDM.

Before you begin 

  • Add and configure Tunnel app. For more information, see Main tasks for configuring Tunnel for iOS (Ivanti Neurons for MDM) section in the Ivanti Tunnel for iOS Guide.
  • Ensure that you have a Standalone Sentry set up for AppTunnel and the necessary device authentication is also configured. See “Configuring Standalone Sentry for app tunneling” in the Ivanti Sentry Guide for Ivanti EPMM and Ivanti Sentry Guide for Ivanti Neurons for MDM.
  • Ensure Per App VPN is created.

Editing Ivanti Web@Work configuration

The following steps describe how to edit Web@Work configuration to enable Split Tunneling on Ivanti Neurons for MDM.

Procedure 

  1. In the Web@Work App Configuration > AppTunnel, click + icon.
  2. Enter the Name of the configuration.
  3. In the App Tunnel section, edit the following fields:
    1. Sentry Profile
    2. Turn ON the Enable Split Tunneling using Tunnel option.
  4. Add App Tunnel rules.
  5. Choose a distribution option for the configuration.
  6. Click Save.
  7. In App Configuration > Per App VPN and click + icon.
  8. Enter the Name of VPN configuration.
  9. Select the Enable Per-App VPN for this app check-box to select MI Tunnel configuration from the drop-down list.
  10. Choose a distribution option for the configuration and click Done.
  11. Click Save.

After configuring split tunneling, ensure that the configurations are pushed to the device.

For more information, see https://forums.ivanti.com/s/article/UIWebView-deprecation-Transition-guidance-for-Web-Work-and-Docs-Work.