Enable sinkhole VPN mitigation for iOS devices

Network threats can be mitigated using a sinkhole VPN profile in the MTD Local Actions policy. Once you enable the MTD Local Actions Network Sinkhole option, you can optionally specify specific IP addresses, domains, and countries through the Threat Management Console. See Sinkhole mitigation by IP address, domain, or country.

NOTE:

MobileIron recommends selecting the Network Sinkhole action ONLY for network-related threats. Use of Network Sinkhole action for device and application threats can result in disabling network connectivity to the device without the ability to restore network connectivity.

Before you begin 

• Make sure you have reviewed Creating MTD local actions in Core.

Procedure 

1. From the MobileIron Core Policies & Configs > Policies page, create or edit an MTD local action configuration.

2. From a threat in the Network Threats section, select Network Sinkhole from the Local Action iOS column.

   

3. Finish your configuration choices, and click Save. The Policy page displays, with your updated configuration.

   NOTE:

   The VPN configuration cannot be edited. To remove the configuration, remove the Network Sinkhole options from the configuration.

4. To push this configuration to devices, select the configuration.
5. Click Actions > Apply to Label. The Apply to Label menu displays.
6. Select the device labels that will receive the configuration.
7. Click Apply. The configuration is pushed to labeled devices.