Is there a document for Umbrella configuration using FTD instead of ASA code? I saw the document for ASA but didn't find anything for FTD. I have the OrgInfo.json file downloaded but haven't seen any documents for FTD integration for the Cisco AnyConnect Umbrella Roaming Security Module. Is it supported and if so, is there any documentation on getting it working.
Ok thanks. If i manually import the file to the client workstation and put it in the path documented in the Cisco document (https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/administration/guide/b_AnyConnect_Administrator_Guide_4-3/b_AnyConnect_Administrator_Guide_4-3_chapter_01100.html)
should the package still work as expected? The client is registered in the portal but when they connect to AnyConnect their local dns settings don't get updated to reflect the public ips for Umbrella.
If you placed the org.json file in "%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella\" then the AnyConnect client should confirm "Umbrella is Active" < the wording may vary depending on AnyConnect version (screenshot below is from 4.8).
You need to ensure you have .NET Framework 4.0 minimum installed. That's all that is required, DNS traffic should then match one of your DNS polcies.
The system DNS settings would not be changed, rather the DNS requests are intercepted by the AnyConnect Umbrella Raoming Security client, encrypted and then forwarded to the Umbrella cloud using tcp/443, rather than a normal dns request on udp/53 - the only except is health check probes to debug.opendns.com.
More information here:-
Yes, the .json file was put in the path and the Umbrella configuration shows that is active as you noted; it shows active both when connected and disconnected over the VPN. The current AnyConnect policy is handing out 2 internal DNS servers and is using split tunneling to send only corporate networks over the tunnel.
Is there a validate on the client machine that the requests are in fact going to Umbrella rather than the locally configured DNS server? I've confirmed dns resolution works over the vpn for internal resources.
You could run a wireshark on the local computer, filter on "dns" - you will notice only dns requests for "debug.opendns.com". Change the filter to "ip.addr==220.127.116.11" or 18.104.22.168, this should be TLS1.2 - these are your dns requests being sent to the Umbrella cloud.