Stealth Mode

Stealth mode is the robust solution to provide a seamless authentication to the user without any user interaction when transitioning from one connection to another. This feature supports only on Windows.

Stealth mode is the robust solution to provide a seamless Step-up, Step-down experience to the end-user when transitioning from one connection to another.

Now, while configuring Ivanti Connect Secure settings, the following two new checkboxes are added under connection set.

•Enable stealth mode on this connection

•Show stealth connection to user

When Enable stealth mode on this connection is enabled, user will not be able to see and control the established connection through the Ivanti Secure Access Client UI. User or machine authentication will happen seamlessly without any user interaction.

When Show stealth connection to user is enabled, user will be able to see the Stealth mode connection in the Ivanti Secure Access Client interface. User will be able to see only the connection status in Ivanti Secure Access Client Tray icon and an option to view Advanced Connection details. User will not be able to control any actions.

Admin can enable the checkbox Show stealth connection to user only when Enable Stealth mode on this connection checkbox is checked.

For example, admin wants to configure two connections one by stealth and another connection as non-stealth.

One is stealth enabled connection named "9.0R3_Feature" (by enabling Enable Stealth mode on this connection), consider it as Step-down connection.

Second connection is non-stealth configured connection named "Step-Up". Refer the following figure:

Following are the two scenarios to understand the stealth mode behavior.

Scenario 1

Enable Stealth mode on this connection: Enabled

Show stealth connection to user: Disabled

User will not be able to see configured Step-down (Stealth mode connection - 9.0R3_Feature) on Ivanti Secure Access Client UI. Refer to below figure and figure.

Now, Step-down (Stealth enabled connection - 9.0R3_Feature) is set, but not visible to the user on Ivanti Secure Access Client UI. User can only see the connection status in Ivanti Secure Access Client tray icon. Refer the following figure:

When user clicks Connect button of Step-up connection, Step-down (Stealth – 9.0R3 feature) gets disconnected and when user clicks Disconnect button to disconnect Step-up connection, step-down automatically gets connected.

Step-Up connections can get terminated in many scenarios for example:

•When user disconnects Step-Up connection

•Session Timeout (if user does not enter credentials once the timeout happens)

•Location Awareness becomes False

Scenario 2

Enable Stealth mode on this connection: Enabled

Show stealth connection to user: Enabled

User will be able to see Step-down (Stealth enabled connection) on Ivanti Secure Access Client UI.

Now, Step-down (Stealth enabled connection) connection is set and will be visible to the user on Ivanti Secure Access Client UI. Refer the following figure:

When user clicks Connect button of Step-up connection, Step-down (Stealth ) gets disconnected and when user clicks Disconnect button to disconnect Step-up connection, step-down connection automatically gets connected. Refer following figures below.

 

User will not be able to perform the actions like Disconnect, Suspend, Cancel, Edit, Delete, Forget Saved Settings. User will be able to see Advanced Connection Details and Add another connection. Refer Figure: Stealth Mode Connection – Actions

When user clicks on Add to add another connection, it will not be in Stealth Mode.

Stealth mode can be enabled for the following types of connections:

•User connection

•Machine connection

•User or Machine Connection

User would not know that a tunnel is established. Authentication could be done through AD username/password, Cert-based, Smart-card.

The following connection settings would be non-editable by the user when the Stealth mode is enabled on a connection.

•Allow user to override connection policy: Disabled

•Use Desktop Credentials: Enabled

•Connect automatically: Enabled

•Reconnect at Session Timeout or Deletion: Enabled

L3 and Pulse SAM Coexistence feature will not work, if L3 is configured Stealth Mode connection.