Guides
ProductDeveloperPartnerPersonal
Guides

Roaming Computers Settings

You can configure a number of advanced settings for both the Cisco Umbrella roaming client and the Cisco Umbrella AnyConnect roaming security module.

Table of Contents

Prerequisites

Procedure

  1. Navigate to Deployments > Core Identities > Roaming Computers and click Settings.
1097
  1. Select a tab and then options on that tab:

General Settings

  • Auto-Delete Inactive Roaming Computer—Automatically deletes all roaming computers that have not synced for the specified period of time. Unsynced roaming computers are removed from the Umbrella dashboard, but the client software is not automatically uninstalled from the computer. If a roaming computer comes back online it re-appears in the dashboard once it has re-synced, even if it has been deleted.
  • Active Directory—Enables identity support for roaming computers. Identity support is an enhancement to the Umbrella roaming client or the Cisco Secure Client Umbrella roaming security module that provides Active Directory user and group identity-based policies, in addition to user and private LAN IP reporting. See Identity Support for the Roaming Client.
  • VPN Compatibility Mode—The Cisco Umbrella roaming client works with most VPN software; however, certain Cisco Secure Roaming security module and other VPN profiles may not resolve local DNS correctly on a VPN connection with Windows 10 due to the elimination of the system DNS binding order. The local LAN may bind above the VPN, failing to resolve local DNS over the tunnel. Select this setting to apply the legacy binding order behavior. For more information, see VPNs (including Cisco Secure Client) + Standalone Roaming Client + Windows 10 and 11: DNS Binding Order VPN compatibility mode.

Client Settings

Secure Client Settings

  • IPv6 DNS Protection— Provides DNS protection through redirection to Umbrella resolvers for IPv6.
    Note: DNS protection over IPv6 DNS564 support is not available.
  • AnyConnect Client Auto-Update— When enabled, AnyConnect Client and all of its installed modules automatically update within 30 days of a release being posted to Cisco.com.

Umbrella Roaming Client Settings

  • IPv6 DNS Protection— Provides DNS protection through redirection to Umbrella resolvers for IPv6
    Note: DNS protection over IPv6 DNS64 support is not available.

Backoff Settings

This tab presents settings to enable the client to backoff from providing DNS protection in certain scenarios.


  • Backoff Behind Virtual Appliance— When this setting is enabled and the client detects a virtual appliance, DNS traffic goes through the local network. When this setting is disabled and the client detects a virtual appliance, DNS traffic is redirected to Umbrella, while web traffic is not.
    Note: This setting also applies to the iOS setting on the Mobile Device page.
  • Customer Trusted Network— When enabled, DNS and web redirection to Umbrella is disabled if the specified subdomain name is found on the network and resolves to an RFC-1918 local IP address (e.g. "10.0.0.1").
  • Protected Network Detection— Disables the DNS-based protection applied by the Cisco Secure Client Umbrella module while on a network protected by Umbrella. This includes the intelligent proxy as it is a DNS-based redirect. Relies on the protection of the network for all features. To trigger this setting, network registration and the network must be the higher policy (not same, but higher) and the local DNS server egress network must be the same network registration as straight out from the computer to 208.67.222.222. Having the network in the same organization will not trigger the disabling of traffic redirection.
  • AnyConnect Trusted Network Detection— Trusted Network Detection (TND) is configured in the Cisco Secure Client's AnyConnect VPN profile. Enabling this setting disables DNS traffic forwarding to Umbrella whenever TND indicates the current network is trusted.
  • AnyConnect VPN Detection— When enabled, DNS traffic forwarding to Umbrella is disabled when endpoint detects that a full-tunnel VPN session is active. This is specific to Cisco VPNs.
    Note: For tunnels, this functionality is supported only for full tunnels. It does not work for full tunnels with dynamic split tunneling.

Configure Protected Networks for Roaming Computers < Roaming Computer Settings > Encryption and Authentication