Deployment use cases with Ivanti Tunnel for iOS

Ivanti Tunnel enables native per-app and device level VPN on iOS devices. Ivanti Tunnel is part of the following deployments for securing access to enterprise resources:

UEM and Standalone Sentry.
UEM and Access.

The following use cases are enabled with these deployments:

access to internal corporate URLs from the Safari browser.
per-app VPN for managed apps (managed apps do not need AppConnect wrapping or SDK).
device-level VPN.
single sign-on.

App proxy provider and packet tunnel provider

Ivanti Tunnel for iOS supports app proxy provider and packet tunnel provider VPN tunnels.

For apps that use a TCP connection, such as Office or GSuite apps, create an app proxy Ivanti Tunnel VPN configuration. An app proxy Ivanti Tunnel VPN configuration is applicable per app only. Previously, this was the only option available with Ivanti Tunnel.

For apps that use an IP connection (such as Skype for Business an Microsoft Teams), create a packet tunnel provider Ivanti Tunnel VPN configuration. A packet tunnel provider Ivanti Tunnel VPN configuration can be configured to be either per-app or device-level.

For additional information about use cases with specific types of apps, see the knowledge base article in the Support Community: iOS and macOS - What are VPN Provider Types Packet-Tunnel and App-Proxy?

Standalone Sentry supports only limited types of UDP traffic, such as DNS traffic. Audio and video traffic through Standalone Sentry is not supported. Therefore, Ivanti recommends configuring SplitUDPPortList to manage UDP traffic. See UDP traffic.
Split-tunneling for IP routes is supported only for device-level VPN. Configure the routes to through Ivanti Tunnel in the Included Routes (Added Routes) field in the Ivanti Tunnel VPN configuration. See Ivanti Tunnel for iOS configuration field description.
Multiple per-app VPN configurations are supported on a device. However, only one device-level VPN configuration is supported on a device.