Setting the sinkhole action on iOS devices
You can configure an iOS sinkhole option to automatically redirect risky client Internet traffic away from your network.
The process works like this:
When a threat is detected on the device and a Network Sinkhole action is associated with this threat in the Ivanti Mobile Threat Defense policy, the threat triggers the MTD Defender VPN profile to isolate the device from the network, blocking all network traffic. See Creating MTD local actions in Ivanti EPMM.
If, however, the Network Sinkhole settings in the MTD threat management console have also been configured to block or allow specific traffic, the VPN sinkhole profile will block or allow only the IP addresses, groups, or countries you specify. See Sinkhole mitigation by IP address, domain, or country.
After the threat is remediated on the device, the VPN profile is disabled automatically and network traffic is no longer affected by the sinkhole. At this point, blocked browser traffic now succeeds.
While the Network Sinkhole action is active on the device, be aware of the following issues:
- Other threats may not be detected and displayed until the original threat that caused the compliance action to be taken is remediated.
- The full list of threats may not display on the iOS device.