IPv4 and IPv6 DNS Protection Status
After you install the AnyConnect Umbrella Roaming Security module, new state changes appear in the AnyConnect endpoint. Within the AnyConnect user interface, the Roaming Security tile provides status information. If you do not see a displayed state, the Roaming Security Module is installed, but the OrgInfo file is not deployed.
AnyConnect as of 4.8 MR2
View status information in the AnyConnect roaming security module.
- Open the AnyConnect Secure Mobile Client.
- Navigate to Roaming Security > Statistics.
DNS and IP Layer State Descriptions
State | Description | Condition |
---|---|---|
Reserved | Checking Connection Status. | This operating state occurs during the following conditions:
|
Open | You are not currently protected by Umbrella. There is at least one active network connection; however, the roaming client cannot connect to Umbrella for Government resolvers over port 53/UDP or 443/UDP on any active connection. The user is not protected by Umbrella or reporting to Umbrella. The system’s DNS settings will revert to their original settings—DHCP or Static. | This operating state occurs during the following conditions:
|
Protected | You are protected by Umbrella. A network connection is active, and the Roaming Module is able to connect to Umbrella for Government resolvers over port 53/UDP, but not 443 UDP. The user is protected and reporting to Umbrella, but the connection is not encrypted. | This state may occur when the module is first activated or when there is a network interface change. |
Encrypted | You are protected by Umbrella. | This operating state occurs during the following conditions:
|
Protected Network | You are on a network protected by Umbrella. | This operating state occurs during the following conditions:
Note: This state is not possible for all Umbrella roaming package customers because there is no network-level protection. |
Behind Virtual Appliance | You are protected by an Umbrella virtual appliance (VA). | This operating state occurs when the endpoint configured DNS address (through DHCP or statically) is the Umbrella VA address. |
VPN Trusted Network State | Disabled while you are on a trusted network. | This operating state occurs during the following conditions:
Note: This setting is true for all roaming package customers and cannot be changed by the administrator. |
Disabled due to VPN State | Disabled while your VPN is active. | This operating state occurs during the following conditions:
Note: This setting is true for all roaming package customers and cannot be changed by the administrator. |
No OrgInfo.json State | You are not currently protected by Umbrella. | This operating state occurs when the OrgInfo.json file was not deployed to the proper directory:
|
Agent Unavailable State | You are not currently protected by Umbrella. Service unavailable. Local Umbrella module DNS protection is not active because the Umbrella agent is not running. | This operating state occurs when the Umbrella agent service is not currently running because of a crash or manual service stop. |
Missing .NET Dependency State (Windows only) | You are not currently protected by Umbrella. Microsoft 4.0 NET framework is not installed. Local Umbrella module DNS protection is not active because the Umbrella agent is not running. The .NET runtime framework is missing. | This operating state occurs when the Umbrella agent service is not running due to a missing .NET 4.0 runtime. |
Disabled | (IPv6 only) An Umbrella administrator disables DNS protection over IPv6. | This operating state occurs when the Umbrella administrator disables DNS protection on IPv6 through the Umbrella dashboard. |
Disabled (no network) | (IPv6 only) AnyConnect client disables DNS protection over IPv6. | If the AnyConnect roaming security module detects an IPv6 link-local address while performing an IPv6 connectivity probe, then the client disables DNS protection over IPv6. |
Not Required | The client is not attempting coverage in this state, as it is not expected nor required. This state applies individually to IPv4 and to IPv6 on Windows. | The client was not able to find a suitable local DNS resolver for the IP Protocol, and therefore is disabled awaiting the discovery of a suitable local DNS resolver. This is most common when on a dual stack network, but only IPv4 resolvers are configured. |
Install the Root Certificate < IPv4 and IPv6 DNS Protection Status > Interpret Diagnostics
Updated 3 months ago