Anybody using this feature on the new 7.2 code for FMC? It allows you to specify an Umbrella DNS policy along with your standard DNS policy in the access policy (policy much?)
We got it working in the lab, had to reapply the CA cert from Umbrella. However, we haven’t been successful in getting it to work in any prod environments. Seems the FTD never connects to Umbrella, as shown through the CLI command “sh service-policy inspect dns”. On a working install you should get an HTTP 200 message. We never get that message, its state just remains “unknown.” All prereqs are met, real head scratcher for me here. Wondering if there’s any “gotchas” that we are missing, but the same steps worked in lab so I don’t think so.