New features summary
These are cumulative release notes. If a release does not appear in this section, then there were no associated new features and enhancements.
General features and enhancements
Support to update End User License Agreement: The End User License Agreement (EULA) is updated and the users will be redirected to this agreement from the Ivanti Tunnel application.
Support to clear logs in Ivanti Tunnel iOS : Ivanti Tunnel now allows the user to clear logs from the application. This helps the user to clear the logs cache and share the latest logs related to the issues faced with administrators.
General features and enhancements
Support to provide a banner and a notification for updates: Ivanti Tunnel now displays information regarding compliance actions, connection status, and other error messages as a banner in the Ivanti Tunnel application and as a notification in the iOS notification center.
The notifications are not displayed in the notification center if the Ivanti Tunnel application is running in foreground mode; else only the banner is displayed.
General features and enhancements
Support for email debug information: When Ivanti Tunnel is disabled, the existing logs can now be emailed to the user.
Support for enhanced log level information: The logging configuration is enhanced to include the following categories of log levels. These log levels are listed in the order of priority.
Re-branding MobileIron Tunnel to Ivanti Tunnel: MobileIron Tunnel is re-branded to Ivanti Tunnel. MobileIron Tunnel is now called Ivanti Tunnel.
Support to attach STCache files: The STCache files can now be added as part of email for better debugging.
Support latest screens in App Store: The App Store preview screens are now replaced with Ivanti branding for Tunnel.
Support for Ivanti rebranding on pop ups and email logs: The pop-ups and email logs on iOS now have Ivanti branding.
Split tunnel enhancement: This feature is introduced to enhance browsing the websites when Sentry is down. The following conditions must be configured:
Split Tunneling must be enabled on Access. A default action must be set, either “Sent directly to destination” or “Send to destination via Sentry”. The other domains can be set to go through Sentry or Direct as required.
The websites are cached. This means if the website is visited at least once when the Sentry is up and the rule is set to "Send directly to destination", then the public websites are still accessible on the Managed devices when the Sentry is down.
If Sentry is down and if any rule is set to "Send to destination via Sentry", then those websites are not accessible.
However, the public websites with rule set to "Send directly to destination" are still accessible as these websites are cached.
stash.mobileiron.com is not accessible by users when sentry is down as the rule is set to "Send the destination via Sentry".
However, www.cnn.com is a public site and is accessible when Sentry is down as the rule is set to "Send directly to destination" and is also visited once when Sentry is up.
This feature is applicable only for CRT environment with App Proxy Tunnel.
Example 1: When the URL is accessed once before Sentry going down
If you access linkedin.com when Sentry was up and running, as per Split Tunnel rules, the request goes to direct to destination . The URL is accessible and the rule is cached by Tunnel.
However, when Sentry is down and you try to access the same URL again, the URL is accessible as the rules were already cached when linkedin.com was accessed for the first time.
Example 2: When the URL is accessed for the first time and the Sentry is down
If linkedin.com was not accessed when Sentry was up and if you try to access linkedin.com when Sentry is down, then URL is not accessible.
With the Split Tunnel enhancement, you can access traffic going directly even when Sentry is down but the URL must be accessed at least once when Sentry was up and running earlier.
The traffic configured to go through Sentry will not be accessible when Sentry is down.
This release does not include any new features and enhancements for AppConnect apps.
This release does not include any new features and enhancements for Access deployments.
iOS 15 compatibility: Tunnel 4.1.3 is now compatible with iOS 15.
This release includes the following features and enhancements that are common to all deployments:
Send Tunnel Debug logs using Email+: By default, Tunnel uses the native iOS email app to email debug logs. Tunnel can now also use Email+ to send debug logs. To set up Tunnel to use Email+ to send debug logs, add the key-value pair, UseSecureEMail, with the value true, in the Tunnel configuration.
For more information see "Emailing debug log information" in the Ivanti Tunnel for iOS Guide.
Support for iOS native Mail, Calendar, and Contact domains: Enter one or more domains that will trigger the configured per-app VPN connection in Mail, Contacts, and Calendar apps. The Tunnel configuration for iOS and macOS provides separate fields for entering the domain information.
Requires Core 10.6.0.0 or Ivanti Neurons for MDM 69 through the most recently released version as supported by Ivanti.
For more information see "Tunnel for iOS configuration field description" in the Ivanti Tunnel for iOS Guide.
Rebranding: Ivanti has updated the Tunnel for iOS icons and user interface color scheme. For more information see the Knowledge Base article Coming Soon - Ivanti UX changes Ivanti Tunnel Android and iOS App. See also "What users see in Ivanti Tunnel for iOS" in the Ivanti Tunnel for iOS Guide.
Support for MAM-only AppStation deployments: Ivanti productivity apps, Email+, Web@Work, and Docs@Work, in a MAM-only AppStation deployment can use Ivanti Tunnel to access enterprise resources. For more information about setting up a MAM-only AppStation deployment, see the AppStation for iOS Guide. The support is provided with AppStation 1.3.0 for iOS through the latest version as supported by Ivanti.
This release includes the following features and enhancements for AppConnect apps:
AppConnect Apps - Support for the Enable split tunneling using Tunnel feature: A new option, Enable Split Tunneling using Ivanti Tunnel, is available in the AppTunnel configuration for an AppConnect app, Docs@Work, and Web@Work on a unified endpoint management (UEM) platform. The UEM platforms are Ivanti Neurons for MDM or Core.
Before enabling the option in UEM, ensure that Tunnel is deployed and the Tunnel VPN configuration is applied to the AppConnect app, Docs@Work, or Web@Work for which you are enabling the split tunneling option.
Select the option if you are transitioning the AppConnect app for iOS from using UIWebView to WKWebView and app data is tunneled using AppTunnel. Enabling the option allows the configured AppTunnel rules to be managed through Tunnel rather than through AppTunnel. The workaround is available due to the planned deprecation of the UIWebView API by Apple.
This feature is not applicable if you are already using the split tunneling configuration on Access for your native iOS apps.
In addition to Ivanti Tunnel 4.1.0, the feature requires either one of the following:
- Go 5.4.0 and Ivanti Neurons for MDM 70.
- Mobile@Work 12.3.0 and Core 10.7.0.0.
For information about the UIWebView API deprecation, see UIWebView Deprecation and AppConnect Compatibility.
For information about configuring AppConnect App Configuration and AppTunnel configuration on Ivanti Neurons for MDM , see "Configuring AppConnect Apps" and "Configuring AppTunnel traffic rules" sections in the Ivanti Neurons for MDM Guide.
This release includes the following features and enhancements for Access deployments:
For information about configuring AppConnect App Configuration on Ivanti Neurons for MDM, see "AppConnect app configuration" in theAppConnect for Core Guide.
Report device ID to Access: For Access deployments, Tunnel reports the device ID to Access if the key SendDeviceID is configured in the Tunnel VPN configuration with the value true. The device ID is reported on Access in Reports > Errors. The key-value pair is useful in identifying devices that encounter connection errors when authenticating through Access.
See "Additional configurations using key-value pairs for Ivanti Tunnel" in the Ivanti Tunnel for iOS Guide.
Access IP address updates: If you have an Access deployment, ensure that you upgrade Ivanti Tunnel to this release automatically consume any changes in Access IP addresses. Upgrading to this version of Ivanti Tunnel allows device users to continue to successfully connect to your enterprise cloud resources through Access when there are changes to the Access IP address.
For information about the Access IP address updates, see Action Required: Access Infrastructure Maintenance requires update to Firewall Rules to avoid service outage.