Umbrella: Roaming Client on a Protected Network

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2019 07:02 AM
Hi guys,
I'm facing an issue which I'm not able to solve. Actually, I'm not sure if it is an issue or expected behaviour. Here is my situation:
Have Roaming Computer - Roaming client installed
Roaming computer is connected to a network protected by Umbrella - DNS forwader configured and the VIP is also configured in the Dashboard.
There is an option under the Roaming Computer settings - Disable DNS redirection while on an Umbrella Protected Network - NOT checked
Have two policies (one for network, one for roaming computers) - exactly like here:
https://support.umbrella.com/hc/en-us/articles/230560847-Umbrella-Roaming-Client-Protected-Networks
- other prerequisites are also matched.
I expected the computer will match the roaming policy, but it is matching the network policy.
Is that expected? Or there is something wrong in my configuration?
It really doesn't make sense to me since the computer will always be behind the network policy so I can't enable.
Hope my description is clear enough.
Thank you,
SP.
- Labels:
-
Cloud Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-13-2019 09:37 AM - edited 02-13-2019 09:47 AM
This is expected behavior.
On a protected network, DNS will function as though they are regular network users:
- Roaming users will be subject to the relevant network policy's settings.
- Reporting will be at the network level: You will lose Umbrella roaming client's granular reporting.
- Umbrella roaming client disables itself, DNS settings revert to the network DNS.
- Outbound DNS will no longer be encrypted.
There is a good doc available that will help you understand roaming client behavior on your network and how to tune if needed.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2019 07:49 AM
Can you check if the policy for roaming client is above the network policy since the policy flow is from up to down.
If it is proper then check laptop with outside network if the policy flow is proper.
