cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2004
Views
0
Helpful
3
Replies

Cisco Umbrella Features and Issues

AhmedSoliman3804
Beginner
Beginner

In current customer scenario , customer have following.50 devices  ( laptop / mobile )
- All devices are independent with windows 10 and logging into Azure AD/ Office 365
- No Domain Controller onsite
- User travel with laptop / mobile / tablet
- Users are in 4 different countries and all independent with no server or firewall
- One Watchguard T30W firewall to route internet for everyone onsite
     - DHCP role
     - DNS role
     - gateway 
I have done following

- Changed the DNS On Firewall for Open DNS
- Added the external ID of firewall to Cisco Umbrella 
I want to achieve following:

- Track each user by PC Name or IP Address
- Ensure mobile / laptop / tablet protected even when they travel
- Ensure users cannot disable roaming clients
- Deep scan of URL if possible
- IPS / Antivirus

3 Replies 3

Rob Ingram
VIP Master VIP Master
VIP Master
Hi,
If you use the AnyConnect Client with the Umbrella module or the Umbella Roaming Client, this will report the hostname/local IP address and protect the laptops when the users travel. If required you can implement umbrella policies just for the roaming computers in addition to a policy when connected to the local network.

If the laptops are independant and not joined to an Active Directory domain, I don't see how you can stop the users from disabling the client themselves.

You can use the Umbrella's Intelligent Proxy with SSL decryption to provide deeper inspection for URLs/Files and anti-virus protection. You'll need to ensure the users computer has the Cisco Umbrella's Root Certificate installed on the computers.

HTH

Thx RJI

opryluts
Cisco Employee
Cisco Employee

Hi Ahmed,

 

With regard to your requirements:

 

- Track each user by PC Name or IP Address:

For both onsite and mobile users, Anyconnect Roaming client or Umbrella ERC module would be the best. Both of them give you an extra layer of protection - IP layer enforcement to protect direct IP communication. With AnyConnect you'll be able to utilize SWG feature as well in future (full proxy mode, HTTP/HTTPS requests control and visibility)

 

Another option for onsite users would be Umbrella VM which gives you the internal IP address visibility, for PC name visibility AD integration is required.


- Ensure mobile / laptop / tablet protected even when they travel

 

Anyconnect Roaming client or Umbrella ERC for sure your choice.


- Ensure users cannot disable roaming clients

 

For Umbrella ERC it is possible with limiting users right in Windows. For AnyConnect Roaming client lockdown feature is available during deployment - https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/administration/guide/b_AnyConnect_Administrator_Guide_4-3/deploy-anyconnect.html#ID-1425-000002b3

 

- Deep scan of URL if possible

 

With AnyConnect will be possible soon


- IPS / Antivirus

 

All traffic passing through Umbrella cloud is scanned/inspected by multiple security engines like AV/Malware protection/etc.

 

Let me know if you have further questions. If you find the reply helpful please mark it accordingly.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers