Enabling split tunneling
The split tunneling feature is disabled by default.
To configure split tunneling for iOS devices, enable split tunneling and configure the domains to go to Standalone Sentry or direct to destination.
Deleting a Standalone Sentry configuration from an UEM and performing a sync removes the Standalone Sentry data from Access. This also disables split tunneling. To stop traffic from being redirected, Publish the changes in Ivanti Access.
Before you begin
•To access on-premise enterprise resources through Standalone Sentry, ensure that you have deployed Standalone Sentry and that the Standalone Sentry is selected in the Ivanti Tunnel VPN configuration.
•In an Ivanti Access + Standalone Sentry deployment, ensure that you have an SP and IdP pair configured. An Access profile is created only if an SP-IdP pair is configured. Assign Standalone Sentry to the profile. Assigning the Standalone Sentry to an Access profile, allows Standalone Sentry to pull the Access configurations, which includes the split tunneling configuration. The SP-IdP pair can be an SP-IdP pair with dummy data.
Procedure
1. | In Ivanti Access, go to Profile > Split Tunneling. |
The Split Tunneling Configuration page displays.
2. | For Enable Split Tunneling, move the toggle to On. |
By default, traffic that does not go to Ivanti Access goes directly to destination.
3. | To change the default behavior, click the link next to Default Action. |
For more information, see the KB article.
When you enable split tunneling, the Tunnel authentication traffic to Access rule is added by default. This rule is the default domain to which traffic is sent. The rule cannot be edited.