The Cisco Security Connector—Umbrella Setup Guide only explains how to configure the Umbrella portion of the Cisco Security Connector (CSC). For information about how to configure your Mobile Device Manager (MDM) system, see your MDM system’s documentation.
The Cisco Security Connector provides visibility and control for organization-owned and MDM managed mobile Apple iOS devices, such as iPhones and iPads. The CSC's Umbrella component directs DNS traffic, including functionality for the intelligent proxy, to the Cisco Umbrella cloud where filtering against malicious sites, such as phishing sites or sites that exfiltrate information, takes place.
The CSC’s Umbrella portion does not require an on-demand or always-on VPN or a full proxy to gain complete visibility and control through cloud security (not locally on the device). This makes for both easier management and simpler, more effective security.
Note: Your iOS mobile device must be supervised and managed by an MDM system.
For more information about the Cisco Security Connector, see Cisco Security Connector (CSC).
For the Cisco Security Connector:
- iOS device running iOS version 11.3 or higher.
- Your iOS device must be running in supervised mode.
- Your iOS device must be managed using a Mobile Device Manager (MDM) system and the Device Enrolment Program (DEP) and Volume Purchase Program (VPP).
- Five MB free space.
One of the following MDM systems:
- Meraki System Manager (SM) with API access enabled.
Note: Only System Manager and Combined network types are supported.
- Apple Configurator 2.5 or higher.
- MobileIron Enterprise Mobility Management (EMM) On-Prem and Cloud versions 9.4 or higher.
- Workspace ONE.
- Generic—Other MDMs may be used to manage your organization-owned iOS mobile device; however, success results may vary. For more information, see Register an iOS Device through a Generic MDM System.
For information about configuring your specific MDM system, see your MDM system’s documentation or contact your MDM's support team.
You will also need:
- Cisco Umbrella account.
- Direct access to the IPv4 IP addresses 184.108.40.206 or 220.127.116.11 is required for IPv4 DNS protection on ports 53 and 443.
- Direct access to the IPv6 IP addresses 2620:119:35::35 or 2620:119:53::53, or access to IPv4 addresses on ports 53 and 443 through NAT64/DNS64 translation is required for IPv6 DNS protection.
Note: If DNS protection fails to engage, DNS traffic is not encrypted.
- The device must be able to communicate with registration.polaris.qq.opendns.com for registration and validation purposes at least once a day.
- Cisco AMP for Endpoints. For more information, see Cisco AMP for Endpoints.
For a quick explanation of how to protect your iOS device with Umbrella through CSS, see Quick Start.
For Umbrella procedures specific to an MDM, see:
For information about configuring your specific MDM system, see your MDM system’s documentation.
Cisco Security Connector—Umbrella Setup Guide > Quick Start