The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.


IPv4 and IPv6 DNS Protection Status

After Umbrella Roaming Security is installed, you or your users will see new state changes on the AnyConnect endpoint. Within the AnyConnect user interface, the Roaming Security tile provides status information.

Note: If no state is displayed, the Roaming Security Module is installed, but the OrgInfo file is not deployed.

AnyConnect as of 4.8 MR2

As of AnyConnect 4.8 MR2, to view status information:

  1. Open the AnyConnect Secure Mobility Client.
  2. Navigate to Roaming Security > Statistics.

DNS and IP Layer State Descriptions

State | Description | Condition

Reserved

Checking Connection Status.
No active network connections. The Roaming Module waits for an active network connection.

This operating state occurs during the following conditions:

  • When the module is first activated.

  • When a network interface change occurs. For example, detection of a new network adapter, IP changes on an existing adapter, or a new VPN tunnel being established or torn down.

Open

You are not currently protected by Umbrella.

There is at least one active network connection; however, the roaming client cannot connect to Umbrella resolvers over port 53/UDP or 443/UDP on any active connection. The user is not protected by Umbrella or reporting to Umbrella. The system’s DNS settings will revert to their original settings—DHCP or Static.

This operating state occurs during the following conditions:

  • No UDP port 443 or UDP port 53 connectivity to Umbrella resolvers (IPv4 or IPv6).

  • No Umbrella DNS VA is configured on the local network.

  • The VPN tunnel may temporarily be in a state of tear down or establishment.

Protected

You are protected by Umbrella.
A network connection is active, and the Roaming Module is able to connect to Umbrella resolvers over port 53/UDP, but not 443/UDP. The user is protected and reporting to Umbrella, but the connection is not encrypted.

This state may occur when the module is first activated or when there is a network interface change.

Encrypted

You are protected by Umbrella.
The Umbrella roaming client has established a connection to Umbrella resolvers over port 443/UDP. The user is protected and reporting to Umbrella, and the DNS queries are encrypted. Internal Domains are forwarded to DHCP-delegated or statically-set DNS servers and are therefore not encrypted.

This operating state occurs during the following conditions:

  • UDP port 443 connectivity to Umbrella resolvers (IPv4 or IPv6).

  • TCP port 443 and TCP port 53 connectivity to Umbrella resolvers (IPv4 or IPv6).
    Note: TCP is only used when UDP responses are truncated.

Protected Network

You are on a network protected by Umbrella.
The computer is behind a Protected Network, and the organization has “Disable Behind Protected Networks” enabled in their dashboard. The Umbrella roaming client has reverted the DNS settings back to what was set through DHCP or statically set. The connection is not Encrypted.

This operating state occurs during the following conditions:

  • The current endpoint network egress IP address is registered with the same Umbrella account as the endpoint.

  • Resolvers used are the Umbrella cloud resolvers.

  • Policy configured through the Umbrella dashboard ("Disable Behind Protected Networks") dictates that the Umbrella module should be disabled when on a protected network.

Note: This state is not possible for all Umbrella roaming package customers because there is no network-level protection.

Behind Virtual Appliance

You are protected by an Umbrella virtual appliance (VA).
The computer is connected to a Network that has VAs configured for DNS servers. The Roaming Module disables itself and reverts the DNS settings back to what was set through DHCP or statically set. The connection is not Encrypted.

This operating state occurs when the endpoint configured DNS address (through DHCP or statically) is the Umbrella VA address.

VPN Trusted Network State

Disabled while you are on a trusted network.
Local Umbrella module DNS protection is not active because the current endpoint network is configured as an AnyConnect VPN trusted network.

This operating state occurs during the following conditions:

  • AnyConnect VPN module is reporting the Trusted Network Detection state as trusted.

  • AnyConnect VPN tunnel is either not connected or established in full tunnel mode.

  • The policy configured through the Umbrella dashboard dictates that the Umbrella module should be disabled when on an AnyConnect VPN trusted network.

Note: This setting is true for all roaming package customers and cannot be changed by the administrator.

Disabled due to VPN State

Disabled while your VPN is active.
Local Umbrella module DNS protection is not active because the endpoint currently has an active AnyConnect VPN tunnel established.

This operating state occurs during the following conditions:

  • AnyConnect VPN module is reporting the Trusted Network Detection state as not trusted.

  • AnyConnect VPN tunnel is established in full tunnel mode.

  • Policy configured with the Umbrella dashboard dictates that the Umbrella module should be disabled when an AnyConnect VPN tunnel is established.

Note: This setting is true for all roaming package customers and cannot be changed by the administrator.

No OrgInfo.json State

You are not currently protected by Umbrella.
Profile is missing. Local Umbrella module DNS protection is not active because the endpoint currently has an active AnyConnect VPN tunnel established.

This operating state occurs when the OrgInfo.json file was not deployed to the proper directory:

  • Windows: %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella

  • Mac: /opt/cisco/anyconnect/umbrella
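
A fleet-side check for the "No OrgInfo.json" state described above, added here as an example (not Cisco's code): it looks for OrgInfo.json in the directories listed on this page and reports whether it is missing, unreadable or not parseable. Treating "a non-empty JSON object" as the validity criterion is an assumption, as are the function names and the absolute form of the macOS path.

```python
import json
import os
import sys
from pathlib import Path

# Directories as documented on this page (macOS path written as absolute).
WINDOWS_DIR = r"%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella"
MAC_DIR = "/opt/cisco/anyconnect/umbrella"


def profile_dir(platform=sys.platform):
    """Return the documented Umbrella profile directory for this OS."""
    if platform.startswith("win"):
        # %ProgramData% is only expanded by expandvars on Windows itself.
        return Path(os.path.expandvars(WINDOWS_DIR))
    if platform == "darwin":
        return Path(MAC_DIR)
    raise ValueError(f"no documented profile directory for {platform!r}")


def check_orginfo(directory):
    """Classify the OrgInfo.json deployment found in `directory`.

    Returns "ok", "missing", "unreadable" or "invalid".
    Assumption: a usable profile is a non-empty JSON object.
    """
    path = Path(directory) / "OrgInfo.json"
    if not path.is_file():
        return "missing"      # matches the "Profile is missing" state
    try:
        # utf-8-sig tolerates a byte-order mark left by some Windows editors.
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except OSError:
        return "unreadable"   # present, but permissions or I/O block reading
    except ValueError:
        return "invalid"      # empty, truncated, or not JSON at all
    return "ok" if isinstance(data, dict) and data else "invalid"


if __name__ == "__main__":
    status = check_orginfo(profile_dir())
    print(f"OrgInfo.json: {status}")
    sys.exit(0 if status == "ok" else 1)
```

The non-zero exit code on anything other than "ok" lets an endpoint-management tool flag machines where the module is installed but the profile was never deployed.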

Agent Unavailable State

You are not currently protected by Umbrella.
Service unavailable. Local Umbrella module DNS protection is not active because the Umbrella agent is not running.

This operating state occurs when the Umbrella agent service is not currently running because of a crash or manual service stop.

Missing .NET Dependency State (Windows only)

You are not currently protected by Umbrella.
Microsoft 4.0 NET framework is not installed. Local Umbrella module DNS protection is not active because the Umbrella agent is not running. The .NET runtime framework is missing.

This operating state occurs when the Umbrella agent service is not running due to a missing .NET 4.0 runtime.

Disabled

(IPv6 only) IPv6 DNS protection is disabled by the administrator.

This operating state occurs when the Umbrella administrator disables DNS protection on IPv6 through the Umbrella dashboard.

IPv4 (IP Layer) Enforcement Status (Windows Only):

For more information about IP layer enforcement, see Add IP Layer Enforcement.

State | Condition | Description

Disabled

Feature is disabled.

The feature can be disabled either because of a DNS policy or because an administrator has disabled the setting for roaming computers.

Full Protection

IP layer enforcement system is functioning as expected.

In this state, the feature is working—a tunnel has been established, and the client can intercept and redirect bad IP addresses to Umbrella for inspection and blocking.

Local Protection (blocklist only)

IP layer enforcement is working but there is no tunnel (Windows Only).

On the Windows client, if an IPsec tunnel cannot be established, the client will intercept and block a subset of bad IP addresses from the client. In this state, blocks cannot be reported to the Umbrella dashboard and greylisted IP addresses are allowed.

IP Data Download Error

An error occurred preventing the client from downloading the latest list of IP addresses.
