
Umbrella proxying

skywalker_007

Hello,

I have an ASA cluster in AWS.

I have the roaming client on all my AnyConnect users.

I am seeing a strange behaviour. Whenever users are connected to AnyConnect, Umbrella is proxying many websites, which it is not when users are not on AnyConnect.

Like GitLab etc.

Is it normal, or how to make both work the same?


@skywalker_007 

Do you have a different policy rule for "Roaming Computers" compared to when they are not connected? If there are different policies with different rules that could explain it. Which license do you have?

 

Hi @Rob Ingram, we have DNS Advantage.

You mean a different security rule in Umbrella or ASAv?

Yes, Umbrella policy.

Hi Rob,

There is no difference except we block some extra categories like gamble, lottery, etc.

Does this make a difference?

skywalker_007

@Rob Ingram Not able to figure out why there is a difference

skywalker_007

Anyone? We have two policies: one is VPN and the other is default.

In the VPN policy, we are blocking more, like gambling etc.

But some websites are being proxied while connected to VPN but not when not connected.

This is a strange behaviour. Don't think it is related to policy.

Could be because of intelligent proxy or certificate?

Or chaining?

When connected to ASAv, the request goes to the ASA in AWS cloud. But we have already added the public IP of the ASA as a known IP in Umbrella.

The issue is proxying.

 

skywalker_007

As we are using full tunnel, can we enable the below option on Umbrella?

 

Disable umbrella module on Anyconnect full tunnel vpn

The intelligent proxy is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access while also posing a risk because of the possibility of hosting malware. Administrators don't want to block access to the whole "grey" domain for everyone but they also don't want your users to access files that could harm their computers or compromise company data.

https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy