Roaming Computers Settings
You can configure a number of advanced settings for both the Cisco Umbrella roaming client and the Cisco Umbrella AnyConnect roaming security module.
Table of Contents
Prerequisites
- Full admin access to the Umbrella dashboard. See Manage User Roles.
- Roaming client installed. See Download and Install the Roaming Client.
Procedure
- Navigate to Deployments > Core Identities > Roaming Computers and click Settings.
- Select a tab and then options on that tab:
General Settings
- Auto-Delete Inactive Roaming Computers—Automatically deletes all roaming computers that have not synced for the specified period of time. Inactive roaming computers are removed from the Umbrella dashboard, but the client software is not automatically uninstalled from the computer. If a roaming computer comes back online it re-appears in the dashboard once it has re-synced, even if it has been deleted.
- Active Directory—Enables identity support for roaming computers. Identity support is an enhancement to the Umbrella roaming client or the AnyConnect Umbrella roaming security module that provides Active Directory user and group identity-based policies, in addition to user and private LAN IP reporting. See Identity Support for the Roaming Client.
- VPN Compatibility Mode—The Cisco Umbrella roaming client works with most VPN software; however, certain AnyConnect and other VPN profiles may not resolve local DNS correctly on a VPN connection with Windows 10 due to the elimination of the system DNS binding order. The local LAN may bind above the VPN, failing to resolve local DNS over the tunnel. Select this setting to apply the legacy binding order behavior. For more information, see Windows 10: DNS Binding Order.
Umbrella Roaming Client
- IPv6 DNS Redirection—Provides DNS protection through redirection to Umbrella resolvers for IPv6.
AnyConnect Roaming Client
- Respect AnyConnect Trusted Network Detection—Trusted Network Detection (TND) is configured in the AnyConnect VPN Client profile. Enabling this setting disables the roaming module whenever TND indicates the current network is trusted.
Note: For tunnels, this functionality is only supported for full tunnels. It does not work for full tunnels with dynamic split tunneling. - Disable Umbrella Module on AnyConnect Full-tunnel VPN—When enabled, your roaming module is automatically disabled if a full-tunnel AnyConnect VPN session is active.
Disable DNS Redirection On Umbrella Protected Networks—Disables the DNS-based protection applied by the roaming client while on a network protected by Umbrella. This includes the intelligent proxy as it is a DNS-based redirect. Relies on the protection of the network for all features. To trigger this setting, network registration and the network must be the higher policy (not same, but higher) and the local DNS server egress network must be the same network registration as straight out from the computer to 208.67.222.222. Having the network be in the same org will not trigger disabling of DNS redirection. - Auto-update—When enabled, AnyConnect is automatically updated, except when active VPN is detected. This updates the entire AnyConnect client, including the roaming security module.
- VA Backoff—When enabled, DNS and Web forwarding to Umbrella is disabled if the Umbrella roaming client is behind a virtual appliance.
Note: Only supported for the Windows OS and AnyConnect 4.8 MR2 and above. - Trusted Network Domain—When enabled, DNS and web redirection to Umbrella is disabled if the subdomain name added to the Domain field is found on the network and resolves to an RFC-1918 local IP address.
- IPv6 DNS Redirection—Provides DNS protection through redirection to Umbrella resolvers for IPv6. This setting is separate from the same tilted setting listed under Umbrella Roaming Client Settings.
Note: The minimum required version of AnyConnect is 4.8mr2.
Configure Protected Networks for Roaming Computers < Roaming Computer Settings > Encryption and Authentication
Updated 11 months ago