I have an ASA cluster in AWS .
I have the roaming client on all my any connect users.
I am seeing a strange behaviour . Wheneevrr users are connected to any connect , umbrella is proxing many websites which it is not when users are not on anyconnect.
Like gitlab etc .
Is it normal or how to make both work same
Do you have a different policy rule for "Roaming Computers" compared to when they are not connected? If there are different policies with different rules that could explain it. Which license do you have?
Anyone ? We have two policies - one is vpn and other is default .
In vpn policy , we are blocking more like gambling etc .
But some websites are being proxies while connected to vpn but not when not connected.
This is a strange behaviour . Don't think so related to policy.
Could be because of intelligent proxy or certificate ?
Or chaining ?
When connected to ASAv , the request goes to asa in AWS cloud .but we have already added the public IP of asa as known ip in umbrella.
The issue is proxying
The intelligent proxy is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access while also posing a risk because of the possibility of hosting malware. Administrators don't want to block access to the whole "grey" domain for everyone but they also don't want your users to access files that could harm their computers or compromise company data.