Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3592
Views
3
Helpful
12
Replies

Unable to remove Umbrella DNS from Inspection in FMC

Michael Bartholomæussen
Level 1
Level 1

‎09-15-2023 02:33 AM

Hi All,

I need to remove our Umbrella DNS policy from the Inspection part of a Acces Control Policy.

Setting the Umbrella policy to "None", the deployment fails.

I'm only able to apply a different policy, but not remove it entirely.

FMC >> vpn-addr-assign local
FMC >> policy-map type inspect dns preset_dns_map
FMC >> parameters
FMC >> no umbrella device-id 010a05988689d935
dk-dc-transit-ftd-dc01 >> [error] :
no umbrella device-id 010a05988689d935
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- no umbrella device-id 010a05988689d9

Cheers

4 people had this problem
12 Replies 12

Marius Gunnerud
VIP
VIP

‎09-15-2023 03:10 AM

Hmm strange.  What version FMC are you using?

You could try to create a new Umbrella DNS policy, select it and deploy, and then once that is completed, try selecting None again.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Michael Bartholomæussen
Level 1
Level 1
In response to Marius Gunnerud

‎09-15-2023 03:32 AM

I tried to apply a new policy, with the default, but the Umbrella connector is still there, so it routes the quires to Umbrella Cloud
 
Version 7.3.1 (build 19)
Model
Secure Firewall Management Center for VMware
Serial Number
None
Snort Version
2.9.21 (Build 1000)
Snort3 Version
3.1.36.100 (Build 2)
Rule Pack Version
2890
Module Pack Version
3266
LSP Version
lsp-rel-20230912-1032
VDB Version
build 371 (2023-09-01 16:01:22)
Rule Update Version
2023-09-12-001-vrt
Geolocation Update Version
Country Code: 2023-08-17-100, IP: 2023-08-17-100
OS
Cisco Firepower Extensible Operating System (FX-OS) 2.13.0 (build 1022)
0 Helpful

Michael Bartholomæussen
Level 1
Level 1

‎09-16-2023 05:53 AM

UPDATE:

We spend some more time troubleshooting this issue, and discovered that everytime a new Domain bypass is created on the Umbrella Policy, an additional line "domain local bypass" is added to the "Global Umbrella" CMD. These no validation on this in the FMC GUI, and the value in the GUI cannot be "BLANK". We added "none" to the bypass list, and "none" was listed as a domain to be bypassed.

With Flexconfig we managed to remove the bypass config from the LINA code. We also tried to remove "umbrella device-id 010a05988689d9352" with Flexconfig but it failed. We did notice additional whitespace in the commandlet in the configuration.

0 Helpful

mmcphee
Cisco Employee
Cisco Employee

‎10-04-2023 12:32 PM

 I am having the exact same issues - cdFMC is on version 7.4, while the 2110 is on 7.3.1. Unable to resolve via Flexconfig and cdFMC.

 

 

ste.ant
Level 1
Level 1

‎03-25-2024 06:23 AM

I'm running FMC and FTD 1150 at 7.2.5.1 and I am experiencing the same issue.

Steve
0 Helpful

Michael Bartholomæussen
Level 1
Level 1

‎03-26-2024 03:02 AM

We had the issue resolved via a TAC case, unfortunately!

0 Helpful

bill.whelan
Level 1
Level 1

‎08-02-2024 11:31 AM

I ran into the same issue when attempting to removing the Umbrella connector feature while troubleshooting DNS issues that some Anyconnect users were experiencing. Just curious what was the underlying issue that led you to try and remove it.

0 Helpful

ste.ant
Level 1
Level 1
In response to bill.whelan

‎08-02-2024 12:04 PM

Hi, I had to involve TAC, they connected to my FTD devices and removed the Umbrella config using a process that a Cisco customer can not.
Steve
0 Helpful

danjaxdulin5
Level 1
Level 1
In response to ste.ant

‎02-03-2025 09:14 AM

I'm having the same issue.

Do you recall the process that TAC used? or the TAC case number so that I can share with my TAC who doesn't know how to remove it?

 

0 Helpful

bill.whelan
Level 1
Level 1
In response to danjaxdulin5

‎02-03-2025 03:17 PM

After upgrading to 7.4.x we were able to remove the Umbrella integration
and re-deploy with no issues.
If upgrading is not an option you might try using the "LinaConfig" tool to
remove the Umbrella config from FTD CLI, removing the relevant Umbrella
config in the FMC and re-deploying.
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to bill.whelan

‎02-04-2025 05:08 AM - edited ‎02-04-2025 05:09 AM

Indeed. This is caused by the following bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi79393

It is fixed in, among others, 9.20(2.22) and later.

FTD 7.2.9 will also fix it: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/720/threat-defense-release-notes-72.html

The LINA code bundled in FTD 7.4.2 is 9.20(2.32). Reference: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html#id_67425

0 Helpful

bill.whelan
Level 1
Level 1

‎02-03-2025 10:27 AM

After upgrading to 7.4.x we were able to remove the Umbrella integration and re-deploy with no issues.

If upgrading is not an option you might try using the "LinaConfig" tool to remove the Umbrella config from FTD CLI, removing the relevant Umbrella config in the FMC and re-deploying.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card