topic Re: How does roaming client know to disable itself in Internal Network? in Cloud Security

How does roaming client know to disable itself in Internal Network?

Madura Malwatte — Wed, 25 Sep 2019 13:50:24 GMT

From the Umbrella user guide appendix B - Virtual Appliances - https://docs.umbrella.com/deployment-umbrella/docs/appx-b-virtual-appliances

It says "If a computer running the Umbrella roaming client enters a network with VAs set in DHCP's DNS settings, the Umbrella roaming client does the following: Disables itself." Is there a document which explains how the mechanism works for RC to detecting on-prem or off-prem in more detail? For the RC to know it is off-prem does it do some type of probe to Umbrella cloud and receive a response telling it its off-prem (ie. originid field must match configured public egress IP's registered network in dashboard)? Or does the client figure it out for themselves without the umbrella cloud telling it its off-prem?

Re: How does roaming client know to disable itself in Internal Network?

Rob Ingram — Thu, 26 Sep 2019 17:33:32 GMT

Hi,

It sends probes to debug.opendns.com reguarly, depending on the result it determines whether it's connected behind a VA, if there is a local VA the roaming client disables, relying on the VA to perform the DNS enforcement. This doc describes the DNS probes in more detail, however it is for the AnyConnect Roaming Security module, but as far as I am aware it's the same behaviour.

HTH

Re: How does roaming client know to disable itself in Internal Network?

Anthony Owen — Fri, 13 Mar 2020 14:31:06 GMT

Would be interesting to know how the RC can deferentiate between VAs and that it is behind the VA of it's own organisation. Thinking along the lines of connecting to the internal infrastructure of another organisation (a customer for example) that are running it's own VAs. Would the RC still see itself as roaming I wonder?