When you are using virtual appliances (VAs) for Internal Network or Active Directory visibility and granularity, Cisco Umbrella roaming client behavior changes. VAs act as DNS forwarders and send all public DNS requests to Umbrella and forward internal DNS requests to the network's internal DNS servers.
If a computer running the Umbrella roaming module enters a network with VAs set in DHCP's DNS settings, the Umbrella roaming module does the following:
- Disables itself. The Umbrella roaming client is running but enters a "standby" state.
- The DNS servers revert to what is provided by the VAs.
- Reporting in the Umbrella dashboard will show as the Internal Network IP or Active Directory identity of the user or computer and not as the Umbrella roaming module hostname.
Umbrella roaming client-specific policies will not be enforced until you roam onto a network without VAs.
This state is reflected in the Deployments > Core Identities > Roaming Computers page of the dashboard. A roaming computer protected by a VA is green and states that it is protected by a VA.
Active Directory Policy Enforcement and Identities < Virtual Appliances > Domain Management
Updated 2 days ago