Guides
ProductDeveloperPartnerPersonal
ProductDeveloperPartnerPersonal

Roaming Computers Settings

Suggest Edits

Several advanced settings for both the Umbrella roaming client and the AnyConnect Umbrella Roaming Security module can be configured.

Prerequisites

Procedure

  1. Navigate to Deployments > Core Identities > Roaming Computers and click Settings.
1097
  1. Select a tab and then options on that tab:

General Settings

1467
  • Auto-Delete Inactive Roaming Computers
    Automatically deletes all roaming computers that have not synced for the specified period of time. Unsynced roaming computers are removed from the Umbrella dashboard, but the client software is not automatically uninstalled from the computer. If a roaming computer comes back online, it re-appears in the dashboard once it has re-synced, even if it has been deleted.
  • Active Directory—Enables identity support for roaming computers. Identity support is an enhancement to the Umbrella roaming client or the AnyConnect Umbrella roaming security module that provides Active Directory user and group identity-based policies, in addition to user and private LAN IP reporting. See Identity Support for the Roaming Client.
  • VPN Compatibility Mode—The Cisco Umbrella roaming client works with most VPN software; however, certain AnyConnect and other VPN profiles may not resolve local DNS correctly on a VPN connection with Windows 10 due to the elimination of the system DNS binding order. The local LAN may bind above the VPN, failing to resolve local DNS over the tunnel. Select this setting to apply the legacy binding order behavior. For more information, see Windows 10: DNS Binding Order.

Umbrella Roaming Client

1467
  • IPv6 DNS Redirection—Provides DNS protection through redirection to Umbrella resolvers for IPv6.

AnyConnect Roaming Client

2678
  • AnyConnect VPN Trusted Network Detection—Trusted Network Detection (TND) is configured in the AnyConnect VPN Client profile. Enabling this setting disables DNS and web traffic forwarding to Umbrella whenever TND indicates the current network is trusted. Currently, DNS and web traffic can only be disabled together.
    Note: For tunnels, this functionality is only supported for full tunnels. It does not work for full tunnels with dynamic split tunneling.
  • AnyConnect Full-Tunnel VPN—When enabled, DNS and web traffic forwarding to Umbrella is disabled when a full-tunnel AnyConnect VPN session is active.
  • Auto-update—When enabled, AnyConnect is automatically updated, except when active VPN is detected. This updates the entire AnyConnect client, including the roaming security module. Secure Client is not affected.
  • VA Backoff—When enabled, client redirection of DNS to umbrella stops while a virtual appliance is detected on the network. It also controls web direction (SWG) for AnyConnect prior to 4.10.07 (MR7), and Secure Client prior to 5.0.02 (MR2). DNS back off control is supported on all versions of Umbrella roaming client, all versions of Cisco Secure Client, and AnyConnect from Windows 4.8 MR2, and macOS 4.10 MR7.
  • Trusted Network Domain—When enabled, DNS and web redirection to Umbrella is disabled if the subdomain name added to the Domain field is found on the network and resolves to an RFC-1918 local IP address.
    • Domain—The subdomain that Umbrella queries the local DNS server for when Trusted Network Domain is enabled.
  • IPv6 DNS Redirection—Provides DNS protection through redirection to Umbrella resolvers for IPv6. This setting is separate from the same tilted setting listed under Umbrella Roaming Client Settings.
    Note: The minimum required version of AnyConnect is 4.8.02 (MR2).
  • Secure Web Gateway—Provides full web proxy protection for internet traffic by turning on the SWG Agent for all devices. See also, Enable the AnyConnect SWG Agent.
    Note: SWG for individual devices can also be controlled using Selective Enablement.

Configure Protected Networks for Roaming Computers < Roaming Computer Settings > Encryption and Authentication

Updated 4 months ago