cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
371
Views
0
Helpful
8
Replies
skywalker_007
Beginner

Umbrella proxying

Hello , 

 

I have an ASA cluster in AWS .

 

I have the roaming client on all my any connect users.

 

I am seeing a strange behaviour . Wheneevrr users are connected to any connect , umbrella is proxing many websites which it is not when users are not on anyconnect.

 

Like gitlab etc .

 

Is it normal or how to make both work same 

8 REPLIES 8
Rob Ingram
VIP Mentor

@skywalker_007 

Do you have a different policy rule for "Roaming Computers" compared to when they are not connected? If there are different policies with different rules that could explain it. Which license do you have?

 

Hi @Rob Ingram  we have dns advantage.

 

You mean different  security rule in umbrella or ASAv ?

Rob Ingram
VIP Mentor

Yes, Umbrella policy.

Hi Rob,

 

There is no difference except we block some extra categories like gamble , lottery etc.

 

Does this make difference ?

skywalker_007
Beginner

@Rob Ingram Not able to figure out why there is a difference

skywalker_007
Beginner

Anyone ? We have two policies - one is vpn and other is default .

In vpn policy , we are blocking more like gambling etc .

 

But some websites are being proxies while connected to vpn but not when not connected.

 

This is a strange behaviour . Don't think so related to policy.

 

Could be because of intelligent proxy or certificate ?

 

Or chaining ?

 

When connected to ASAv , the request goes to asa in AWS cloud .but we have already added the public IP of asa as known ip in umbrella.

 

The issue is proxying

 

skywalker_007
Beginner

as we are using full tunnel , can we enable the below option on umbrella 

 

Disable umbrella module on Anyconnect full tunnel vpn

The intelligent proxy is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access while also posing a risk because of the possibility of hosting malware. Administrators don't want to block access to the whole "grey" domain for everyone but they also don't want your users to access files that could harm their computers or compromise company data.

https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy

Content for Community-Ad

This widget could not be displayed.