08-31-2021 11:53 AM
Hello All,
Deployed Cisco Umbrella and configured a Network (public IP address), so any users within the premises exit via that public IP; Umbrella considers that machine legitimate and applies Umbrella policies. Also installed the AnyConnect roaming security module for off-network Umbrella protection.
My concern is that the same users take their laptops home and work from there. So what should I do so that when users are inside the office the Umbrella internal policy applies, while off-network the roaming users policy applies?
Note: Users log in with their AD user credentials on their system both on and off network.
Please guide
08-31-2021 12:03 PM - edited 08-31-2021 12:08 PM
@sv7 create a policy that applies to Roaming Computers; assuming they have the AnyConnect roaming agent installed and the orginfo configuration file, the Umbrella policy will be applied.
09-01-2021 06:54 AM
Hi Rob,
Would it be a problem to apply the right policy if a user logs in with the same AD user credentials on the same machine while on and off network?
Also, what identity do I have to choose while creating the policy for on and off network?
08-31-2021 12:16 PM
Hi,
Not a problem. This requirement can be accomplished by following the steps specified in the following document; the guide contains detailed steps which will help you to implement it successfully:
I hope this helps!
09-01-2021 06:54 AM
Hi Ivan,
Would it be a problem to apply the right policy if a user logs in with the same AD user credentials on the same machine while on and off network?
Also, what identity do I have to choose while creating the policy for on and off network?
09-02-2021 11:28 AM
Hi Ivan,
I have created Policy A for on-prem users logging in with AD user credentials (configured the public IP as Network) and another for off-prem users logging in to their system using the same AD credentials (used the AnyConnect security module).
Observed that when a user is off-network and logs in to their machine using AD credentials, he gets policy A applied, which is created for on-prem users, and not policy B, which is created for off-prem users.
09-02-2021 12:04 PM
Hi,
Yes, that is expected. The reason is that if you have Active Directory integration, AnyConnect will pass the user identity and it will match the policy that matches the respective user or the AD group this user belongs to.
In order to accomplish On and Off-Network policies for Roaming Computers you need to have the following in place:
- Enable the "Disable DNS redirection while on an Umbrella Protected Network" under Roaming Computer Settings in the Umbrella dashboard
- Configure 2 policies
The above is specifically when you are using Network Protection and Roaming Clients. If you were to implement Virtual Appliances and start building policies based on AD groups, you will need the policies configured in the following order:
I hope this helps to clarify your concerns.
09-04-2021 12:14 AM
Hi Ivan,
Thanks for your reply. I have followed your recommendation and got the expected result for on-prem and roaming users logging in to their machines with their user credentials (without VA).
Regarding deployment with VA, you have suggested we can create a policy using AD users for on-prem and roaming client for off-prem. So would there not be a chance that the on-prem policy might be applied if the same users log in with their AD user credentials while they are off-prem?
Just a doubt.
09-06-2021 10:21 AM
Hi,
The reason why you need to create the on-prem policy with AD user/group while keeping the off-prem with Roaming Clients is that if you enable "Active Directory Identity" for your Roaming Computers and you move the AD policy on top of the Roaming Computers, users with Roaming Client will always hit that policy while on or off-network. That is the reason why you need to make that change from Network to Active Directory user/group identity in your on-prem policy.
I hope this helps!
09-20-2021 09:00 PM - edited 10-08-2021 10:58 PM
This requirement can be accomplished by following the steps specified in the following document; the guide contains detailed steps which will help you to implement it successfully:
https://docs.umbrella.com/deployment-umbrella/docs/customize-your-policies-1