Our corporate laptops run AnyConnect 4.7 with the VPN and Umbrella Roaming Security modules (not the standalone URC). We enforce an always VPN policy, but before the user connects to the VPN, I have noticed (with a Wireshark capture) that the Umbrella module of AC is reporting that it is not protected, and instead, the laptop sends DNS queries (for corporate LAN resources) out to whatever DNS is configured on the local LAN instead of sending them to the Umbrella cloud. When the VPN is established, the URS module communicates fine with the corporate UVAs as expected.
Why does this behavior occur? Is this a bug, or a configuration oversight on my part?
Prior to deploying AC to the laptops, they had the standalone URC installed, and this worked just fine when working off the corporate LAN. Does the URS module of AnyConnect not work the same way?
Thanks in advance.
The AnyConnect Umbrella Roaming Client should work with or without the VPN being connected. I've not used it in conjunction with the Always-On VPN feature, but I've used it otherwise since it was first released and it has always behaved properly in my experience.
I think I may try to uninstall AC altogether and then reinstall the standalone URC and then install AC without the URS module and see how that combination behaves.
If it behaves differently (positively), then I'll probably open a case with TAC for further investigation.