We have ASAv (version 9 in and 3DES license) in the AWS cloud.
We have integrated ASAv with Umbrella by following all the steps described in the Cisco doc.
However, we still see the Umbrella status as UNKNOWN. On Umbrella the policy name is NEW Policy, so we identified that on the ASA it has to be put with a dash and not an underscore: NEW-Policy.
But even if the policy tag is wrong, does the UNKNOWN status rely on tagging also?
The token API, certificate, everything is correct.
Umbrella registration: tag: NEW_Policy, status: UNKNOWN, device-id: , retry 0
Umbrella resolver mode: fail-close
Umbrella resolver ipv4: 126.96.36.199 - operational
Umbrella resolver ipv6: 2620:119:53::53 - operational
Umbrella: bypass 0, req inject 0 - sent 0, res recv 0 - inject 0, local-domain-bypass 0
DNScrypt egress: rcvd 174269, encrypt 0, bypass 74269, inject 0
DNScrypt ingress: rcvd 388473, decrypt 0, bypass 88473, inject 0
DNScrypt: Certificate Update: completion 269, failure 0
I haven't done it myself, but I would expect UNKNOWN to mean it's not reachable or there is inspection that is blocking the flow, such as an sfr module. I can see the guide for configuring the connection advising to exclude ports 53 and 443 to the Umbrella IPs.
I hope this helps.
Apologies for my previous response, as I assumed it's an ASA X series, which has the module. ASAv, as stated in your case, doesn't have a module. Therefore, the sfr section doesn't apply to your scenario. However, checking connectivity could be a good start to troubleshooting your issue.
Hopefully someone else might have a better idea on the possible reasons for this issue.
I changed the tag to the correct one.
I can now see the status as:
Umbrella registration: tag: VPN, status: 400 BAD REQ, device-id: , retry 0
I matched the API token and it is the same.
For ASAv, I generated a token under the option Legacy Network Devices in Umbrella as per the Cisco documentation.
I can't figure out why it does not work or integrate.