Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
595
Views
0
Helpful
5
Replies

Umbrella and Canon Uniflow

likvid
Level 1
Level 1

‎04-15-2024 06:58 AM

We are moving from Zscaler to Umbrella and use Canon Uniflow for the printers.

The printers worked fine before Umbrella but can not print anymore since moving to Umbrella.

There is only default policy enabled for the tunnels from sdwan routers to Umbrella cloud.

I tried to connect a laptop to the printer network and tried to connect to port 443 URLs in Canon cloud, it worked but the printers can't print, we tried to hard reset the printer to no availability.

Only thing changed really when moving from Zscaler to Umbrella is the source IP, however Canon does not use any white or blacklisting on their side.

Anyone had this problem?

Labels:
0 Helpful
5 Replies 5

Ken Stieers
VIP
VIP

‎04-15-2024 08:04 AM

Are you using SIG?
If so, are you decrypting HTTPS traffic? You may need to exempt Canon's website from decryption since its typically hard/impossible to add the Umbrella root cert to the printers.



________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.
0 Helpful

likvid
Level 1
Level 1

‎04-15-2024 02:58 PM

Yes i am using SIG.

I have disabled HTTPS inspection and Intelligent Proxy

I have done pcap and examined the TLS flow and the client sends a Client Hello but doesn't get a Server Hello back.

0 Helpful

Ken Stieers
VIP
VIP
In response to likvid

‎04-15-2024 03:10 PM

Ask Canon if they have limit to where connections can come from... if they're expecting your IPs, or Zscaler's they may block because now you come from Umbrellas...

Or you can add the domain in question to the "just ignore Umbrella altogether" list under Deployments>Configuration>Domains>External Domains & IPs

________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.
0 Helpful

likvid
Level 1
Level 1
In response to Ken Stieers

‎04-16-2024 06:23 AM

We had to revert back to Zscaler, talked to Canon and they don't have any whitelisting.

TLS handshake fails with Umbrella but works perfectly with Zscaler, Umbrella is such messy product that we might go on with Zscaler if this doesn't work out.

There is a TAC case with Cisco now.

0 Helpful

adamwin
Cisco Employee
Cisco Employee

‎04-16-2024 06:33 PM - edited ‎04-16-2024 06:34 PM

@likvid I'll take a look at that ticket. We'll get this sorted out for you.

0 Helpful
Customers Also Viewed These Support Documents