Configure Cellular and Wifi Domains

By default, iOS will appropriately prioritize DNS to the expected interface. However, in some cases you may need to inform iOS of the desired target interface.

For example:

• Always send a domain over WiFi, never cellular. This can ensure that local corporate domains are never sent over the cellular network.
• Always send a domain over cellular, never WiFi. This can aid in compatibility issues, such as voicemail domains only functioning over cellular DNS.

Prerequisites

• Cisco Security Connector for iOS version 1.6 or higher on iOS 14 or higher.

Procedure

1. Open the iOS configuration profile in your preferred code editor. Your profile may already have wifiDomains and celluarDomains keys as shown. If not, add them.
   For example:

<key>anonymizationLevel</key>
<integer>1</integer>
<key>disabled</key>
<false/>
  <key>cellularDomains</key>
  <array> 
    <string>sendtocellularconnection.com</string> 
  </array>
  <key>wifiDomains</key>
  <array>
    <string>sendoverwifi.com</string>
</array> 
  <key>internalDomains</key>

2. Configure the wifiDomains or cellularDomains keys as desired using the example provided. Each domain is encapsulated by a string tags. Some configuration profiles may require the addition of these keys. Keys should be added immediately preceding the internalDomains key.
   For example:

<dict> 
 <key>anonymizationLevel</key> 
 <integer>1</integer> 
 <key>disabled</key> 
 <false/> 
 <key>cellularDomains</key> 
 <array> 
   <string>sendtocellularconnection.com</string> 
 </array> 
 <key>wifiDomains</key> 
 <array> 
   <string>sendoverwifi.com</string> 
  </array> 
<key>internalDomains</key>

Push the Umbrella Certificate to Devices < Configure Cellular and Wifi Domains>Configuring DNS Suffix Whitelisting