Umbrella Roaming Security

The Umbrella Roaming Security module requires a subscription to a Cisco Umbrella Roaming service with either the Professional, Insights, Platform, or MSP package. Cisco Umbrella Roaming provides DNS-layer security when no VPN is active, and a Cisco Umbrella subscription adds Intelligent Proxy. Additionally, Cisco Umbrella subscriptions provide content filtering, multiple policies, robust reporting, Active Directory integration, and much more. The same Umbrella Roaming Security module is used regardless of the subscription.
The Umbrella Roaming module profile (OrgInfo.json) associates each deployment with the corresponding service, and the corresponding protection features are enabled automatically
The Umbrella Dashboard provides real-time visibility into all of the Internet activity originating from the Roaming Security module. The level of granularity in policies and reports depends on the Umbrella subscription
Refer to https://umbrella.cisco.com/products/packages for a detailed comparison of which features are included in which service level subscriptions
Umbrella Module for AnyConnect for Windows or macOS

Umbrella Roaming Client and Umbrella Roaming Security Module Incompatibility

The Umbrella Roaming Security module and the Umbrella Roaming Client are incompatible. If you are deploying the Umbrella Roaming Security module, any existing installation of the Umbrella Roaming Client will be detected and removed automatically during installation of the Roaming Security module to prevent conflicts. If the existing installation of the Umbrella Roaming Client is associated with an Umbrella service subscription, it will automatically be migrated to the Umbrella Roaming Security module unless an OrgInfo.json file is co-located with the AnyConnect installer, configured for web-deployment, or predeployed in the Umbrella module's directory. You may also wish to manually uninstall the Umbrella Roaming Client prior to deploying the Umbrella Roaming Security module.
Obtain Cisco Umbrella Account

The Umbrella dashboard (http://dashboard.umbrella.com/) is the login page where you can obtain the profile (OrgInfo.json) for the AnyConnect Umbrella Roaming Security module to include in your deployment. From there you can also manage policy and reporting for the activity of the roaming client.
Download the OrgInfo File From Dashboard

The OrgInfo.json file is specific information about your Umbrella dashboard instance that lets the Roaming Security module know where to report and which policies to enforce.
To prepare for deploying the Umbrella Roaming Security module, you must obtain the OrgInfo.json file from the Umbrella dashboard (https://dashboard.umbrella.com)
Click on Roaming Computers in the Identities menu structure and then click the + sign in the upper-left corner of the page. Scroll down to AnyConnect Umbrella Roaming Security Module and click Module Profile
Refer to the AnyConnect Deployment Overview for specific installation/deployment steps and package and file specifics
Note: When you deploy the OrgInfo.json file for the first time, it is copied to the data subdirectory (/umbrella/data), where several other registration files are also created. Therefore, if you need to deploy a replacement OrgInfo.json file, the data subdirectory must be deleted. Alternatively, you can uninstall the Umbrella Roaming Security module (which deletes the data subdirectory) and reinstall with the new OrgInfo.json file.
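The replacement procedure in the note above, as an added example that is not Cisco's code: the helper validates the new profile, removes the module's data subdirectory (the registration state written on first deployment), and only then copies the new OrgInfo.json in. The module directory paths are the ones named in this document; the demo scenario runs in a temporary directory with a constructed profile, and no OrgInfo.json field names are assumed.

```python
import json
import shutil
import tempfile
from pathlib import Path

# Module directories named in this document (Windows value contains an environment
# variable; the leading slash on the macOS path is assumed).
MODULE_DIRS = {
    "windows": r"%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella",
    "macos": "/opt/cisco/anyconnect/umbrella",
}


def is_valid_orginfo_text(text: str) -> bool:
    """Minimal sanity check before anything touches the endpoint: the profile must be
    a non-empty JSON object. The schema is not documented here, so no keys are checked."""
    try:
        obj = json.loads(text)
    except ValueError:
        return False
    return isinstance(obj, dict) and bool(obj)


def replace_orginfo(module_dir: Path, new_profile: Path) -> dict:
    """Validate the new profile, delete <module_dir>/data if present, copy the file in."""
    if not is_valid_orginfo_text(new_profile.read_text(encoding="utf-8")):
        raise ValueError(f"{new_profile} is not a usable OrgInfo.json")
    data_dir = module_dir / "data"
    removed = data_dir.is_dir()
    if removed:
        shutil.rmtree(data_dir)  # stale registration would otherwise mask the new profile
    target = module_dir / "OrgInfo.json"
    shutil.copyfile(new_profile, target)
    return {"data_dir_removed": removed, "profile": str(target)}


def demo() -> dict:
    """Constructed scenario: stale registration files in data/, new profile staged beside."""
    root = Path(tempfile.mkdtemp())
    module_dir = root / "Umbrella"
    (module_dir / "data").mkdir(parents=True)
    (module_dir / "data" / "registration.dat").write_text("stale")  # constructed
    new_profile = root / "OrgInfo.json"
    new_profile.write_text('{"organizationId": "EXAMPLE-ORG-ID"}')  # constructed sample
    first = replace_orginfo(module_dir, new_profile)   # removes data/, copies profile
    second = replace_orginfo(module_dir, new_profile)  # nothing left to remove
    deployed = json.loads((module_dir / "OrgInfo.json").read_text())
    shutil.rmtree(root)
    return {"first": first, "second": second, "deployed": deployed}


if __name__ == "__main__":
    print(demo())
```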
Get Umbrella Roaming Security Up and Running

When you deploy AnyConnect, the Umbrella Roaming Security module is one of the optional modules that you can include to enable extra features.
For Windows 7 SP1 users, we recommend that you install Microsoft .NET Framework 4.0 before installation or initial use. At startup, the Umbrella service checks whether .NET Framework 4.0 (or newer) is installed. If it is not detected, the Umbrella Roaming Security module is not activated, and a message is displayed. If you then install the .NET Framework, you must reboot to activate the Umbrella Roaming Security module.
Configure the OrgInfo.json File

The OrgInfo.json file contains specific information about your Umbrella service subscription that lets the Roaming Security module know where to report and which policies to enforce. You can deploy the OrgInfo.json file and enable the Umbrella Roaming Security module from the ASA or ISE using the CLI or GUI. The steps below describe how to enable it from the ASA first and then from ISE.

ASA CLI

1. Upload the OrgInfo.json that you obtained from the Umbrella dashboard (https://dashboard.umbrella.com) to the ASA file system.
2. Issue the following commands, adjusting the group-policy name as appropriate for your configuration:

   webvpn
    anyconnect profiles OrgInfo disk0:/OrgInfo.json
   group-policy DfltGrpPolicy attributes
    webvpn
     anyconnect profiles value OrgInfo type umbrella

ASDM GUI

1. Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile.
2. Choose Add
3. Give the profile a name
4. Choose the Umbrella Security Roaming Client type from the Profile Usage drop-down menu. The OrgInfo.json file populates in the Profile Location field
5. Click Upload and browse to the location of the OrgInfo.json file that you downloaded from the dashboard
6. Associate it with the DfltGrpPolicy at the Group Policy drop-down menu. Refer to Enable Additional AnyConnect Modules to specify the new module name in the group-policy
ISE

Follow these steps to enable from ISE:
1. Upload the OrgInfo.json from the Umbrella dashboard (https://dashboard.umbrella.com).
2. Rename the file OrgInfo.xml
3. Follow steps in Configure ISE to Deploy AnyConnect
Cloud Update

The Umbrella Roaming Security module can provide automatic updates for all installed AnyConnect modules from the Umbrella Cloud infrastructure. With Cloud Update, software upgrades are obtained automatically from the Umbrella Cloud infrastructure, and the update track is determined by that infrastructure, not by any action of the administrator.
By default, automatic updates from Cloud Update are disabled. To enable Cloud Update for Umbrella Roaming Security and the rest of AnyConnect, log in to the Umbrella Dashboard. Under Identities > Roaming Computers > Settings icon (the gear icon), check "Automatically update AnyConnect, including VPN module, whenever new versions are released. Updates will not occur while VPN is active." By default, this option is unselected.
Consider the following regarding Cloud Update:
• Only the software modules that are currently installed are updated
• Customizations, localizations, and any other deployment types are not supported
• The updates occur only when logged in to a desktop and will not happen if a VPN is established
• With updates disabled, the latest software features and updates will not be available
• Disabling Cloud Update has no effect on other update mechanisms or settings (such as web-deploy, deferred updates, and so on)
• Cloud Update ignores devices having newer, unreleased versions of AnyConnect (such as interim releases and patched versions)
Configure Security Policies and Review the Reports

You must have a Cisco Umbrella Roaming account to receive protection, see reporting information, and configure policies. For in-depth explanations and additional information, visit https://docs.umbrella.com/product/umbrella/ or https://support.umbrella.com.
After installation, the Roaming Computer is visible in your Umbrella Dashboard within 90 minutes to 2 hours
Navigating and authenticating to https://dashboard.umbrella.com and then going to Identities > Roaming Computers shows a list of Roaming Clients (both active and inactive), as well as details about each installed client
Initially, a default policy with a base level of security filtering is applied to your Roaming Computers. This Default Policy is found in the Policies section of the dashboard (or Configuration > Policy for Cisco Umbrella accounts)
Reporting for the Roaming Clients is found under the Reports section. Check the Activity Search report to see DNS traffic from computers with the Umbrella Roaming Security module installed and the VPN turned off
Decipher What UI Changes You See on the Endpoint

Within the AnyConnect UI, the Umbrella Roaming Security module tile gives the current status. Each state is listed below with its icon color, the description shown in the tile, and the condition that produces it.

State: Reserved
Icon Color: Orange
Description: Checking Connection Status. The Umbrella module has not yet determined the protection state.
Condition: This operating state occurs during the following conditions:
• When the module is first activated
• When a network interface change (such as detection of a new network adapter, IP changes on an existing adapter, or a new VPN tunnel being established or torn down) occurs

State: Open
Icon Color: Yellow
Description: You are not currently protected by Umbrella. Local Umbrella module DNS protection is not active due to connectivity issues with the Umbrella resolvers. There is at least one active network connection; however, the roaming client cannot connect to the Umbrella service on any active connection. The system's DNS settings revert to their original settings (DHCP or statically set).
Condition: This operating state occurs during the following conditions:
• No UDP port 443 or UDP port 53 connectivity to Umbrella resolvers (209.67.222.222)
• No Umbrella DNS VA is configured on the local network
• The VPN tunnel may temporarily be in a state of tear down or establishment

State: Protected
Icon Color: Green
Description: You are protected by Umbrella. DNS queries are not encrypted. Local Umbrella module DNS protection is active, and DNS requests are sent unencrypted to Umbrella resolvers.
Condition: This state may occur when the module is first activated or when there is a network interface change.

State: Encrypted
Icon Color: Green
Description: You are protected by Umbrella. DNS queries are encrypted. Local Umbrella module DNS protection is active, and DNS requests are sent encrypted to Umbrella resolvers.
Condition: This operating state occurs during the following conditions:
• UDP port 443 connectivity to Umbrella resolvers
• TCP port 443 and TCP port 53 connectivity to Umbrella resolvers (208.67.222.222)

State: Protected Network
Icon Color: Green
Description: You are on a network protected by Umbrella. Local Umbrella module DNS protection is not active because the current endpoint network is protected using Umbrella resolvers. The Roaming Client has reverted the DNS settings back to what was set via DHCP or statically set. The connection is not Encrypted.
Condition: This operating state occurs during the following conditions:
• The current endpoint network egress IP address is registered with the same Umbrella account as the endpoint
• Resolvers used are the Umbrella cloud resolvers (208.67.222.222, 208.67.220.220)
• Policy configured via Umbrella dashboard ("Disable Behind Protected Networks") dictates that the Umbrella module should be disabled when on a protected network
Note: This state is not possible for all Cisco Umbrella Roaming package customers because there is no network-level protection.

State: Behind Virtual Appliance
Icon Color: Green
Description: You are protected by an Umbrella virtual appliance. Local Umbrella module DNS protection is not active because an Umbrella Virtual Appliance is configured as the on-premise DNS resolver. The Roaming Client disables itself and reverts the DNS settings back to what was set via DHCP or statically set. The connection is not Encrypted.
Condition: This operating state occurs when the endpoint configured DNS address (via DHCP or statically) is the Umbrella VA address.

State: Umbrella Trusted Network State
Icon Color: Gray
Description: Disabled while you are on a trusted network. Local Umbrella module DNS protection is not active because the current endpoint network is configured as an Umbrella trusted network.
Condition: This operating state occurs during the following conditions:
• The Umbrella dashboard has been configured with a magic domain name
• A corresponding magic domain name or record has been configured on the local DNS resolvers

State: VPN Trusted Network State
Icon Color: Gray
Description: Disabled while you are on a trusted network. Local Umbrella module DNS protection is not active because the current endpoint network is configured as an AnyConnect VPN trusted network.
Condition: This operating state occurs during the following conditions:
• AnyConnect VPN module is reporting the Trusted Network Detection state as trusted
• AnyConnect VPN tunnel is either not connected or established in full tunnel mode
• The policy configured via the Umbrella dashboard dictates that the Umbrella module should be disabled when on an AnyConnect VPN trusted network
Note: This setting is true for all roaming package customers and cannot be changed by the administrator.

State: Disabled Due to VPN State
Icon Color: Gray
Description: Disabled while your VPN is active. Local Umbrella module DNS protection is not active because the endpoint currently has an active AnyConnect VPN tunnel established.
Condition: This operating state occurs during the following conditions:
• AnyConnect VPN module is reporting the Trusted Network Detection state as not trusted
• AnyConnect VPN tunnel is established in full tunnel mode
• Policy configured with the Umbrella dashboard dictates that the Umbrella module should be disabled when an AnyConnect VPN tunnel is established
Note: This setting is true for all roaming package customers and cannot be changed by the administrator.

State: No OrgInfo.json State
Icon Color: Red
Description: You are not currently protected by Umbrella. Profile is missing. Local Umbrella module DNS protection is not active because the endpoint currently has an active AnyConnect VPN tunnel established.
Condition: This operating state occurs when the OrgInfo.json file was not deployed to the proper directory:
Windows: %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella
macOS: opt/cisco/anyconnect/umbrella

State: Agent Unavailable State
Icon Color: Red
Description: You are not currently protected by Umbrella. Service unavailable. Local Umbrella module DNS protection is not active because the Umbrella agent is not running.
Condition: This operating state occurs when the Umbrella agent service is not currently running (either due to a crash or manual service stop).

State: Missing .NET Dependency State (Windows only)
Icon Color: Red
Description: You are not currently protected by Umbrella. Microsoft .NET Framework 4.0 is not installed. Local Umbrella module DNS protection is not active because the Umbrella agent is not running. The .NET runtime framework is missing.
Condition: This operating state occurs when the Umbrella agent service is not running due to a missing .NET 4.0 runtime.
The AnyConnect UI also displays statistics and a message history in the Umbrella Roaming Security module
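The Open and Encrypted conditions in the state table above turn on resolver reachability (UDP 53, TCP 53 and TCP 443 to the Umbrella resolvers). As an added example that is not Cisco's code, the probe below sends a plain DNS query on UDP 53 and attempts TCP handshakes on 53 and 443, so an endpoint stuck in the Open state can be checked from the affected network; the resolver addresses are the ones listed in the table, the query name example.com is an arbitrary choice, and the module's own encrypted transport on UDP 443 is not reproduced.

```python
import socket
import struct

# Cloud resolver addresses as listed in the state table above.
UMBRELLA_RESOLVERS = ("208.67.222.222", "208.67.220.220")

def build_dns_query(name: str, txid: int) -> bytes:
    """RFC 1035 wire-format A query, recursion desired, one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_dns_header(data: bytes, expected_txid: int) -> dict:
    """Check that a reply belongs to our transaction and read the QR bit and RCODE."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    txid, flags = struct.unpack(">HH", data[:4])
    return {"txid_ok": txid == expected_txid,
            "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F}

def udp_dns_reachable(resolver: str, timeout: float = 2.0, port: int = 53) -> bool:
    """True only if a matching DNS response comes back over UDP (plain DNS on port 53)."""
    txid = 0x4242
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_dns_query("example.com", txid), (resolver, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, ICMP port unreachable, no route
            return False
    hdr = parse_dns_header(data, txid)
    return hdr["txid_ok"] and hdr["is_response"]

def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """TCP handshake only: enough to tell a filtered port from an open one."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(resolver: str = UMBRELLA_RESOLVERS[0]) -> dict:
    """Reachability facts behind the table's Open/Encrypted conditions. UDP 443 is not
    probed, so a False udp53 is a strong hint for the Open state, not a full diagnosis."""
    r = {"udp53": udp_dns_reachable(resolver),
         "tcp53": tcp_reachable(resolver, 53),
         "tcp443": tcp_reachable(resolver, 443)}
    r["open_state_likely"] = not r["udp53"]
    r["encrypted_tcp_prereqs"] = r["tcp53"] and r["tcp443"]
    return r
```

Run probe() from the endpoint's current network; comparing the result against both resolver addresses separates a blocked egress path from a single unreachable resolver.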
Interpret Diagnostics

You should run a DART report to diagnose any Cisco Umbrella Roaming Security module issues. Refer to https://docs.umbrella.com/umbrella-user-guide/docs/appendix-c-troubleshooting for Umbrella concerns and troubleshooting details.
To stop, start, or restart the module's Windows service, open the Services MMC snap-in (Start > Run > Services.msc), select the service named "Cisco AnyConnect Umbrella Roaming Security Framework Service", and choose the action. The legacy Umbrella Roaming Client runs as a separate service, listed as Umbrella Roaming Client, and is handled the same way.