Main tasks for configuring Ivanti Tunnel for iOS (Ivanti Neurons for MDM)

You configure Ivanti Tunnel in Ivanti Neurons for MDM.

Before you begin 

• If you are configuring app proxy VPN, ensure that you have created an Ivanti Tunnel service for iOS / mac with Service Type TCP_ANY in the Standalone Sentry profile.

• If you are configuring packet tunnel provider type VPN, ensure that you have created a Tunnel service for iOS / mac with Service Type IP_ANY in the Standalone Sentry profile.

• For information on setting up Standalone Sentry with Ivanti Tunnel service, see “Working with Standalone Sentry for AppTunnel” in the Standalone Sentry Guide for Ivanti Neurons for MDM.
• If you are configuring Ivanti Tunnel for securing authentication traffic with Access see the Access Guide.

Procedure: Overview of steps

1. Adding Ivanti Tunnel for iOS to the app catalog in Ivanti Neurons for MDM
2. Adding an Ivanti Tunnel configuration in Ivanti Neurons for MDM

Adding Ivanti Tunnel for iOS to the app catalog in Ivanti Neurons for MDM

Ivanti Tunnel for iOS is available in the app catalog in Ivanti Neurons for MDM.

Procedure 

1. In Ivanti Neurons for MDM, go to Apps > App Catalog > +Add.
2. In Business Apps, click Ivanti Tunnel (iOS 9+).

3. Make any updates as necessary and click Next.

   You can change the category and add a description.
   

4. Select an option for app delegation and click Next.
5. Choose a distribution option for the app and click Next.
6. Update the default App Configurations settings as necessary.
7. Click Done.

Next steps 

Go to Adding an Ivanti Tunnel configuration in Ivanti Neurons for MDM.

Related topics 

For more information about topics such as app delegation, see the Ivanti Neurons for MDM Guide.

Adding an Ivanti Tunnel configuration in Ivanti Neurons for MDM

You create the configuration for Ivanti Tunnel in Configurations. You can create multiple Ivanti Tunnel configurations to push to a device. The VPN profiles pushed to a device are listed in Settings > General > VPN, and in Settings > General > Device Management. Depending on the app in use, iOS automatically switches to use the VPN profile applied to the app.

Ivanti Tunnel supports per-app as well as device-level VPN. Choose the appropriate Tunnel configuration depending on whether you are creating a per-app VPN or a device-level VPN.

You can apply both per-app VPN and device-level VPN to a device. However, per-app VPN takes priority over device-level VPN. The device-level VPN is used for apps that are not associated with a per-app VPN.

Procedure 

1. In Ivanti Neurons for MDM, go to Configurations > +Add.
2. Search for Ivanti Tunnel.
3. Click one of the following:
   • Ivanti Tunnel: Use this configuration to create a per-app VPN configuration for Ivanti Tunnel.
   • Ivanti Tunnel (On Demand): Use this configuration to create a device-level VPN configuration for Ivanti Tunnel.

   The Ivanti Tunnel configuration page displays.

4. If you selected theIvanti Tunnel configuration, click iOS/macOS.
   The configuration for Ivanti Tunnel for iOS displays.
5. Add the necessary configurations and click Next.
6. Choose a distribution option for the configuration and click Done.
   The configuration is distributed to the subset of the devices to which the app is distributed. Select the same distribution option that you selected for the Ivanti Tunnel for iOS app.
7. Select one of the following distribution options:
   1. All Devices: Select one of the following options:
      • Do not apply to other spaces.

      • Apply to devices in other Spaces.

   2. No Devices (default)

   3. Custom: Select one of the following options:

      • User/User Groups

      • Device/Device Groups

        In the Distribution Summary, select one of the following options to enable or disable configurations across spaces:

      • Do not apply to other spaces.

      • Apply to devices in other Spaces.

        The checkbox Allow Space Admin to Edit the Distribution appears if you select the Apply to devices in other Spaces option, and it allows the delegated space administrators to edit the distribution for the specific space.

        Irrespective of spaces, you can configure the certificate for all spaces, distribute it to all devices, and apply it to all devices in the other device’s spaces.

8. Click Done.

Next steps 

Go to Applying the Ivanti Tunnel VPN setting to managed apps in Ivanti Neurons for MDM.

Related topics 

• For a description of the configuration fields for Ivanti Tunnel (iOS) VPN, see Ivanti Tunnel for iOS configuration field description.
• For a description of the key-value pairs, see Additional configurations using key-value pairs for Ivanti Tunnel.

Applying the Ivanti Tunnel VPN setting to managed apps in Ivanti Neurons for MDM

When you Add or Edit an app in the App Catalog, you have the option to select the per-app VPN setting to apply to the app. For this workflow, select the Tunnel (iOS) VPN setting you created. This procedure is not needed if you configured device-level VPN using Tunnel (On Demand).

Procedure

1. In Apps > App Catalog, add or edit an app.
2. In App Configurations, add the Per App VPN configuration.
3. Enter a name for the configuration.
4. Check Enable Per-App VPN for this app.
5. Select the Tunnel configuration to apply to the app.
6. Select a distribution option and click Next.
7. Click Done.

Related topics 

For more information about adding and editing apps for distribution, see the following sections in the Ivanti Neurons for MDM Guide:

• “Adding an app from a public store.”
• “Adding an In-house app.”