Frequently Asked Questions

Does the Umbrella Android client (UAC) require an AnyConnect license?
No. Only an active Umbrella subscription is required to use the Umbrella module on AnyConnect. No additional licenses are required.

Which MDMs are supported?
The client is MDM-agnostic and any MDM should be able to deploy it. However, we have validated the following MDMs in our lab: Cisco Meraki, MobileIron, VMware Workspace One, Microsoft Intune, and Samsung Knox.

Which versions of Android OS are supported by the Cisco Secure Client?
UAC supports Android OS versions 6.0.1 and above.

Does the Cisco Secure Client work on unmanaged Android devices?
Yes. The Cisco Secure Client works on managed (fully managed and work profile) and unmanaged Android devices. For more information, see End-User Actions.

Does this client protect my entire Android mobile device?
For full details on device protection, refer to Umbrella Module for AnyConnect (Android OS).

Does this client support the Umbrella Secure Internet Gateway (SIG)?
No. The client supports DNS-layer security only.

Are there any differences between the Cisco Secure Client and the Endpoint Roaming Client (ERC)?
The feature differences between Cisco Secure Client and ERC are detailed below:

| Feature | ERC | Cisco Secure Client |
|---|---|---|
| Supported Platforms | Windows, MacOS | Android |
| DNS-layer security blocks phishing and malicious domains | Yes | Yes |
| DNS logs augmented with endpoint IP information | Yes | Yes |
| Intelligent Proxy | Yes | Yes |
| EDNS message encryption between client and resolver | Yes | Yes |
| Customizable block page | Yes | Yes |
| User-based policies | Yes | Yes |
| Organization-wide policies | Yes | Yes |
| Safe Search | Yes | Yes |
| IP Blocking | Yes | No |

Why does app download stop working as soon as the Umbrella protection is active?
A VPN connection is used to provide Umbrella protection on Android devices. Once a VPN session is connected, nothing can be downloaded from the Google Play Store. This is a known limitation of Android OS v9 and lower. To avoid it, download the apps before enabling the VPN (Umbrella protection). The issue was corrected as of Android OS v10, but very few Android device manufacturers have included the update in their releases for Android versions older than v10. For more information, see Can not download apps in Google Play Store after connected VPN in Oreo.

Can I use a private DNS along with Umbrella protection?
No. Any private DNS must be turned off for DNS interception to work.

Can I use another VPN client along with the Umbrella module on AnyConnect?
No. Due to Android OS limitations, two VPN sessions cannot run simultaneously. AnyConnect supports remote access VPN connections along with Umbrella DNS protection. As a best practice, Cisco recommends using AnyConnect for both Remote Access VPN and Umbrella protection needs.

Does UAC support IPv6?

Does UAC support TCP DNS requests?
No. The current release supports only DNS on UDP.

How do I get the Android ID?
To obtain your Android ID, either:

  • Launch the AnyConnect app
  • In Umbrella Security, click Options. Then navigate to Umbrella Statistics to find the Android ID.

Why do I see multiple entries on the Umbrella dashboard for the same serial number?
Multiple entries for the same device appear in these circumstances:

  • The user creates and deletes work profiles several times.
  • The device is used by more than one user, each with their own login.
  • The user tries to factory reset the device multiple times.

As an admin, how can I know whether users are using the app and the device is protected?
In the Umbrella dashboard, navigate to Deployments > Core Identities > Mobile Devices. Once there:

  • Verify that the Android ID of the device is registered with Umbrella.
  • Verify that the Android ID of the device is syncing regularly by checking for the last sync details.

Why am I able to browse blocked websites when the device says I am protected?
When the UAC is installed within the work profile, only the browser installed within the work profile is blocked from browsing blocked websites. When the UAC is installed in a fully managed device, and Umbrella protection is on, all the browsers on the device are blocked from such sites.

Can I use Umbrella Protection with the AnyConnect VPN?
Yes. Umbrella protection can be used while the remote access VPN (that is, the AnyConnect VPN) is active.

How can I verify that Trusted Network Detection is working (Umbrella protection deactivates when a VA is detected in the network)?
Umbrella protection is deactivated when the UAC detects a VA in the network, but only if the prerequisites are met. Protection is not deactivated when a prerequisite is missing, for example:

  • The VA and Android device belong to different Umbrella organizations
  • The VA is not configured to HTTPS event mode
  • The VA domain is not signed with a public certificate or the self-signed certificate has not been installed on the Android device.

For more information, see Android module prerequisites.
