
SIG - Web Policy Issue?

We are seeing an inconsistent user experience when using the internal network (on-network): there are times when we can access the site and times when we cannot, and no logs are captured. We are using only AD users' identities, which share information with the roaming client. Roaming works when off-network: it hits the policy and has logs. All users are domain-joined. When on-network, we have tunnels going to Umbrella. What could be a possible solution so that on-network traffic hits the same policy as when off-network? We also tried using a DNS forwarder, but the status is unable to resolve. Could the routing to the tunnels be the issue?

2 Replies

nbogdaje
Cisco Employee

Check your SWG backoff settings in the roaming computer settings. If you are backing off your roaming users' SWG, then you will need to use SAML to get the AD user info when going over the tunnels for web traffic.

 

Hi, we are still experiencing this issue. There are checks in the SD-WAN section, but their findings show that traffic is being forwarded to SIG if the app or domain is not part of Cloud On-Ramp. Upon checking the policy debug on end devices without Secure Client, or with Secure Client that has backoff settings enabled, we still see "Protected by DNS" instead of "Protected by SWG," and when using WhatIsMyIP, the public IP displayed is the SD-WAN public IP instead of the Umbrella IP.