You configure Ivanti Tunnel in Ivanti Neurons for MDM.
Before you begin
If you are configuring app proxy VPN, ensure that you have created an Ivanti Tunnel service for iOS / mac with Service Type TCP_ANY in the Standalone Sentry profile.
If you are configuring packet tunnel provider type VPN, ensure that you have created a Tunnel service for iOS / mac with Service Type IP_ANY in the Standalone Sentry profile.
- For information on setting up Standalone Sentry with Ivanti Tunnel service, see “Working with Standalone Sentry for AppTunnel” in the Standalone Sentry Guide for Ivanti Neurons for MDM.
- If you are configuring Ivanti Tunnel for securing authentication traffic with Access see the Access Guide.
Procedure: Overview of steps
- Adding Ivanti Tunnel for iOS to the app catalog in Ivanti Neurons for MDM
- Adding an Ivanti Tunnel configuration in Ivanti Neurons for MDM
Ivanti Tunnel for iOS is available in the app catalog in Ivanti Neurons for MDM.
- In Ivanti Neurons for MDM, go to Apps > App Catalog > +Add.
- In Business Apps, click Ivanti Tunnel (iOS 9+).
Make any updates as necessary and click Next.
You can change the category and add a description.
- Select an option for app delegation and click Next.
- Choose a distribution option for the app and click Next.
- Update the default App Configurations settings as necessary.
- Click Done.
For more information about topics such as app delegation, see the Ivanti Neurons for MDM Guide.
You create the configuration for Ivanti Tunnel in Configurations. You can create multiple Ivanti Tunnel configurations to push to a device. The VPN profiles pushed to a device are listed in Settings > General > VPN, and in Settings > General > Device Management. Depending on the app in use, iOS automatically switches to use the VPN profile applied to the app.
Ivanti Tunnel supports per-app as well as device-level VPN. Choose the appropriate Tunnel configuration depending on whether you are creating a per-app VPN or a device-level VPN.
You can apply both per-app VPN and device-level VPN to a device. However, per-app VPN takes priority over device-level VPN. The device-level VPN is used for apps that are not associated with a per-app VPN.
- In Ivanti Neurons for MDM, go to Configurations > +Add.
- Search for Ivanti Tunnel.
- Click one of the following:
- Ivanti Tunnel: Use this configuration to create a per-app VPN configuration for Ivanti Tunnel.
- Ivanti Tunnel (On Demand): Use this configuration to create a device-level VPN configuration for Ivanti Tunnel.
The Ivanti Tunnel configuration page displays.
- If you selected theIvanti Tunnel configuration, click iOS/macOS.
The configuration for Ivanti Tunnel for iOS displays.
- Add the necessary configurations and click Next.
- Choose a distribution option for the configuration and click Done.
The configuration is distributed to the subset of the devices to which the app is distributed. Select the same distribution option that you selected for the Ivanti Tunnel for iOS app.
- For a description of the configuration fields for Ivanti Tunnel (iOS) VPN, see Ivanti Tunnel for iOS configuration field description.
- For a description of the key-value pairs, see Additional configurations using key-value pairs for Ivanti Tunnel.
When you Add or Edit an app in the App Catalog, you have the option to select the per-app VPN setting to apply to the app. For this workflow, select the Tunnel (iOS) VPN setting you created. This procedure is not needed if you configured device-level VPN using Tunnel (On Demand).
- In Apps > App Catalog, add or edit an app.
- In App Configurations, add the Per App VPN configuration.
- Enter a name for the configuration.
- Check Enable Per-App VPN for this app.
- Select the Tunnel configuration to apply to the app.
- Select a distribution option and click Next.
- Click Done.
For more information about adding and editing apps for distribution, see the following sections in the Ivanti Neurons for MDM Guide:
- “Adding an app from a public store.”
- “Adding an In-house app.”