The Cisco Security Connector—Umbrella Setup Guide only explains how to configure the Umbrella portion of the Cisco Security Connector (CSC). For information about how to configure your Mobile Device Manager (MDM) system, see your MDM system’s documentation.
The Cisco Security Connector provides visibility and control for organization-owned and MDM managed mobile Apple iOS devices, such as iPhones and iPads. The CSC's Umbrella component directs DNS traffic, including functionality for the intelligent proxy, to the Cisco Umbrella cloud where filtering against malicious sites, such as phishing sites or sites that exfiltrate information, takes place.
The CSC’s Umbrella portion does not require an on-demand or always-on VPN or a full proxy to gain complete visibility and control through cloud security (not locally on the device). This makes for both easier management and simpler, more effective security.
Note: Your iOS mobile device must be supervised and managed by an MDM system.
For more information about the Cisco Security Connector, see Cisco Security Connector (CSC).
For the Cisco Security Connector:
- iOS device running iOS version 13.2 or higher.
- Your iOS device must be running in supervised mode.
- Your iOS device must be managed using a Mobile Device Manager (MDM) system and Apple School Manager or Apple Business Manager.
- Five MB free space.
One of the following supported MDM systems:
- Meraki System Manager (SM) with API access enabled.
Note: Only System Manager and Combined network types are supported.
- Apple Configurator 2.5 or higher.
- IBM MaaS360.
- MobileIron Enterprise Mobility Management (EMM) On-Prem and Cloud versions 9.4 or higher.
- Workspace ONE.
- Generic—Other MDMs may be used to manage your organization-owned iOS mobile device; however, success results may vary. For more information, see Register an iOS Device through a Generic MDM System.
For information about configuring your specific MDM system, see your MDM system’s documentation or contact your MDM's support team.
You will also need:
- Cisco Umbrella account.
- Direct access to the IPv4 IP addresses 126.96.36.199 or 188.8.131.52 is required for IPv4 DNS protection on ports 53 and 443.
- Direct access to the IPv6 IP addresses 2620:119:35::35 or 2620:119:53::53, or access to IPv4 addresses on ports 53 and 443 through NAT64/DNS64 translation is required for IPv6 DNS protection.
Note: If DNS protection fails to engage, DNS traffic is not encrypted.
- The device must be able to communicate with
registration.polaris.qq.opendns.comfor registration and validation purposes at least once a day—when actively used—otherwise, the device cannot be protected.
- Depending on the MDM, you may also require each device's serial number.
- Cisco AMP for Endpoints. For more information, see Cisco AMP for Endpoints.
Cisco Security Connector—Umbrella Setup Guide > Quick Start
Updated about a month ago