Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
176
Views
2
Helpful
4
Replies

After Umbrella-Meraki integration AD user is no longer visible

Chess Norris
Level 4
Level 4

‎03-26-2025 01:47 AM

Hello,

A customer have started integrating Meraki MX and MR devices. Before they where just redirecting traffic to the Umbrella VA's.

After the integration, the customer reporting issues that they no longer can see or find the actual user ID under the activity search. Instead they just see the mx device name and the IP adress of the user. In some rare cases it works to search for the internal IP adress to get the user ID, but that it's only possible maybe 5% of the times.

I belive this issue is caused to the fact that the traffic is traversing the MX and are now encrypted, but is there any workarround other than turn odd the integration?

Thanks

/Chess

Labels:
0 Helpful
4 Replies 4

Konstantinos9
Cisco Employee
Cisco Employee

‎03-26-2025 03:33 AM

Hello Chess Norris,

To get a username associated with the DNS traffic in your umbrella dashboard, you need to have the traffic redirected via an Umbrella VA + AD Connector or by the Secure Client with the Umbrella roaming module.

If the customer has removed the VAs or changed the redirection method, and relies only on the Meraki Devices for DNS redirection to the Umbrella cloud, User authentication is not supported in this scenario. Even with the Meraki devices integrated, they still need to use VA + AD Connector to be able to authenticate user traffic.

Hope this helps. You can easily test by configuring a client to explicitly use a Virtual Appliance and see if the username will appear in the reports.

Hope this helps.
Konstantinos

Chess Norris
Level 4
Level 4
In response to Konstantinos9

‎03-26-2025 05:46 AM

Hello @Konstantinos9 ,

Before we did the integration with Meraki, the customer redirected all DNS traffic to the VA without beeing intercepted by the Meraki MX.

There is a setting in Umbrella under roaming computer called "Backoff Behind Virtual Appliance" If I understand it correctly, this setting will allow the DNS traffic to go directly to the VA without the Meraki MX intercepting it, but not sure this will help in this scenario? 

Thanks

/Chess

 

 

0 Helpful

Konstantinos9
Cisco Employee
Cisco Employee
In response to Chess Norris

‎03-26-2025 07:48 AM

Hello @Chess Norris ,

When "Backoff Behind Virtual Appliance" basically the Secure Client with the Roaming module will be disabled only if it detects that the local DNS server is a VA. Keep in mind it won't redirect automatically. I think we may need to discuss the architecture of the deployment.

If those devices are have the Secure Client with the Roaming module installed, the client will authenticate and redirect the DNS traffic regardless if there is a VA or an integration of the Meraki devices.

Usually to protect your managed devices it's better to rely on the Virtual Appliance and / or the Secure Client. If all components are deployed, and still user traffic is not authenticated, then I would assume that the DNS traffic is not redirected by the Secure client or the Virtual appliance.

Kind regards,
Konstantinos

 

Ken Stieers
VIP
VIP
In response to Konstantinos9

‎03-26-2025 06:11 AM

If they are using SIG, they can also use SAML
0 Helpful
Customers Also Viewed These Support Documents