cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
386
Views
0
Helpful
2
Replies

Will DNS and Umbrella work during device isolation

jorale
Level 1
Level 1

During an automated isolation response from secure client, will the Isolated device still be reachable from the Secure client dashboard, and will the device communicate using DNS and be protected by Umbrella?

2 Replies 2

I honestly haven't tested, but I'm pretty sure you'll want to put the Umbrella IPs in the exceptions list for Isolation.

rickgardner
Level 4
Level 4

Yes, this is doable..

From the Cisco documentation:

https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf

IP Isolation Allow Lists An IP isolation allow list lets you specify IP addresses that the Secure Endpoint Windows and Mac connectors will not block when an endpoint is isolated. This allows the endpoint to communicate with trusted locations within your network for further investigation during an active Endpoint Isolation session. You can add up to 200 IPV4 addresses to this list. IP isolation allow lists do not support port numbers. IMPORTANT! By default, all Secure Endpoint Cloud addresses are included in the allow list so the connector can receive policy updates, perform cloud lookups, and update the isolation status.

You will just need to add the Umbrella IPs in the exceptions list.