The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.

Get Started    

Frequently Asked Questions

Does the Umbrella Android client UAC) require an AnyConnect license?
No. Only an active Umbrella subscription is required to use the Umbrella module on AnyConnect. No additional licenses are required.

Which MDMs are supported?
The client is MDM-agnostic and any MDM should be able to deploy it. However, we have validated the following MDMs in our lab: Cisco Meraki, MobileIron, VMware Workspace One and Microsoft Intune.

Which versions of Android OS are supported by the UAC?
UAC supports Android OS versions 6.0.1 and above.

Does the UAC client work on unmanaged Android devices?
No. The current Umbrella Android Client (UAC) works on managed (fully managed and work profile) Android devices only. However, support for unmanaged devices is planned for inclusion in future releases.

Does this client protect my entire Android mobile device?
For full details on device protection, refer to the Umbrella Android mobile security documentation.

Does this client support the Umbrella Secure Internet Gateway (SIG)?
No. The client supports DNS-layer security only.

Are there any differences between the UAC and the Endpoint Roaming Client (ERC)?
The feature differences between UAC and ERC are detailed below:

Feature
ERC
UAC

Supported Platforms

Windows, MacOS

Android

DNS-layer security blocks phishing and malicious domains

Yes

Yes

DNS logs augmented with endpoint IP information

Yes

Yes

Intelligent Proxy

Yes

Yes

EDNS message encryption between client and resolver

Yes

Yes

Customizable block page

Yes

Yes

User-based policies

Yes

Yes

Organization-wide policies

Yes

Yes

Safe Search

Yes

Yes

IP Blocking

Yes

No

Why does app download stop working as soon as the Umbrella protection is active?
A VPN connection is used to provide Umbrella protection on Android devices. After connecting to a VPN session one cannot download anything from the Google Play store. This is a known limitation in Android OS v9 and lower. To avoid this, download the apps before enabling VPN (i.e. Umbrella protection). This situation was corrected as of Android OS v10. Very few Android device manufacturers have included the update in their releases for Android versions older than v10. See link below for Refer to the Google issue tracker for more details.

Can I use a private DNS along with Umbrella protection?
No. Any private DNS must be turned off for DNS interception to work.

Can I use another VPN client along with the Umbrella module on AnyConnect?
No. Due to Android OS limitations, two VPN sessions cannot run simultaneously. AnyConnect supports remote access VPN connections along with Umbrella DNS protection. As a best practice, Cisco recommends using AnyConnect for both Remote Access VPN and Umbrella protection needs.

Does UAC support IPv6?
Not in the current release. This feature planned for inclusion in future releases.

Does UAC support TCP DNS requests?
No. The current release supports only DNS on UDP.

How do I get the Android ID?
To obtain your Android ID, either:

  • Launch the AnyConnect app, or
  • In Umbrella Security, click Options. Then navigate to Umbrella Statistics to find the Android ID.

Why do I see multiple entries on the umbrella dashboard for the same serial number?
Multiple entries for the same device appear in these circumstances:

  • The user creates and deletes work profiles several times.
  • The device is used my more than one user, each with their own login.
  • The user tries to factory reset the device multiple times.

As an admin, how can I know whether users are using the app and the device is protected?
In the Umbrella dashboard, navigate to Deployments -> Core Identities -> Mobile Devices. Once there:

  • Verify that the Android ID of the device is registered with Umbrella.
  • Verify that the android id of the device is syncing regularly, by checking for the last sync details.

Why am I able to browse blocked websites when the device says I am protected?
When the UAC is installed within the work profile, only the browser installed within the work profile is blocked from browsing blocked websites. When the UAC is installed in a fully managed device, and Umbrella protection is on, all the browsers on the device are blocked from such sites.

Can I use Umbrella Protection with the AnyConnect VPN?
Yes, Umbrella protection can be used when the remote VPN is on (that is, when the AnyConnect VPN is active).

How can I verify that Trusted Network Detection is working (Umbrella protection deactivates when a VA is detected in the network)?
Umbrella protection is deactivated when the UAC detects a VA in the network, unless the prerequisites are not met. For example:

  • The VA and Android device belong to different Umbrella organizations
  • The VA is not configured to HTTPS event mode
  • The VA domain is not signed with a public certificate or the self-signed certificate has not been installed on the Android device.

For more information, see Android module prerequisites.


Troubleshooting < Frequently Asked Questions

Updated 12 days ago

Frequently Asked Questions


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.