Cisco Security Connector—Umbrella Setup Guide
The Cisco Security Connector—Umbrella Setup Guide only explains how to configure the Umbrella portion of the Cisco Security Connector (CSC). For information about how to configure your Mobile Device Manager (MDM) system, see your MDM system’s documentation.
The Cisco Security Connector provides visibility and control for organization-owned and MDM managed mobile Apple iOS devices, such as iPhones and iPads. The CSC's Umbrella component directs DNS traffic, including functionality for the intelligent proxy, to the Cisco Umbrella cloud where filtering against malicious sites, such as phishing sites or sites that exfiltrate information, takes place.
The CSC’s Umbrella portion does not require an on-demand or always-on VPN or a full proxy to gain complete visibility and control through cloud security (not locally on the device). This makes for both easier management and simpler, more effective security.
Note: Your iOS mobile device must be managed by a MDM system.
Note: Remote Browser Isolation (RBI), which protects identities by redirecting browsing to a cloud-based host, is not supported on mobile devices running iOS or Android.
For more information about the Cisco Security Connector, see Cisco Security Connector (CSC).
Requirements
For the Cisco Security Connector:
- iOS device must be running iOS 15.0 or higher OR an iOS device running in supervised mode with iOS 13.2 or higher.
- iOS device must be managed by a Mobile Device Manager (MDM) system and use one of the following Apple device managers:
- Apple School Manager
- Apple Business Manager
- Five MB free space.
One of the following supported MDM systems:
- Meraki System Manager (SM) with API access enabled.
Note: Only System Manager and Combined network types are supported. - Apple Configurator 2.5 or higher.
- IBM MaaS360.
- Intune.
- Jamf.
- MobiConnect
- MobileIron Enterprise Mobility Management (EMM) On-Prem and Cloud versions 9.4 or higher.
- Workspace ONE.
- Generic—Other MDMs may be used to manage your organization-owned iOS mobile device; however, success results may vary. For more information, see Generic MDM System Registration.
For information about configuring your specific MDM system, see your MDM system’s documentation or contact your MDM's support team.
You will also need:
- Cisco Umbrella account.
- Direct access to the IPv4 IP addresses 208.67.222.222 or 208.67.220.220 is required for IPv4 DNS protection on ports 53 and 443.
- Direct access to the IPv6 IP addresses 2620:119:35::35 or 2620:119:53::53, or access to IPv4 addresses on ports 53 and 443 through NAT64/DNS64 translation is required for IPv6 DNS protection.
Note: If DNS protection fails to engage, DNS traffic is not encrypted. - The device must be able to communicate with
registration.polaris.qq.opendns.com
for registration and validation purposes at least once a day—when actively used—otherwise, the device cannot be protected. - Depending on the MDM, you may also require each device's serial number.
Optionally
- Cisco AMP for Endpoints. For more information, see Cisco AMP for Endpoints.
Getting Started
For a quick explanation of how to protect your iOS device with Umbrella through CSC, see Quick Start.
For MDM specific Umbrella procedures, see:
- Meraki Registration
- Register an iOS Device Through Apple Configurator 2
- IBM MaaS360 Registration
- Intune Registration
- Jamf Registration
- MobiConnect Registration
- MobileIron Registration
- Workspace ONE Registration
- Register an iOS Device Through a Generic MDM System
Cisco Security Connector—Umbrella Setup Guide > Quick Start
Updated 1 day ago