docs.umbrella.com
Open in
urlscan Pro
104.16.242.118
Public Scan
URL:
https://docs.umbrella.com/umbrella-user-guide/docs/secure-client-deploying-umbrella
Submission: On May 01 via manual from US — Scanned from DE
Submission: On May 01 via manual from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
Jump to Content
GuidesFedRAMP DNS User GuideFedRamp SIG User GuideUmbrella User GuidePartner
Console DocumentationMSP User GuideCloudlock DocumentationUmbrella SIG User
GuideGuidesInvestigate-UIManaged Services Console User GuideISP Deployment
--------------------------------------------------------------------------------
ProductDeveloperPartnerPersonal
Guides
ProductDeveloperPartnerPersonal
Umbrella SIG User Guide
Guides
Deploy Umbrella for Cisco Secure Client
Search
CTRL-K
Deploy Umbrella for Cisco Secure Client
All
Guides
Changelog
START TYPING TO SEARCH…
CISCO UMBRELLA SIG USER GUIDE
* Welcome to Cisco Umbrella
* Start Protecting Your Systems
* Find Your Organization ID
* Determine Your Current Package
* Umbrella Policies Overview
* SWG Data Centers
* Reserved IP
* Reserved IP Supplemental Terms
* Reserved IP Supplemental Terms - Archived
* View Cloud Security Service Status
* Contact Umbrella Support
* Get Started
* Set Up DNS-Layer Security
* Point Your DNS to Cisco Umbrella
* Set Up Web Security
* Configure the Secure Web Gateway
* Uninstalling Umbrella
* Umbrella Integration with Secure Web Appliance
* Configure Web Policies and Destination Lists
* Policy Features
* Limitations and Range Limits
* Manage Identities
* Add a Network Identity
* Delete a Network Identity
* Identity and SIG Deployment
* Add a Network Device
* Delete a Network Device
* Find the Total Number of Identities in Your Organization
* Manage Domains
* Add Internal Domains
* Add External Domains and IPs
* Bulk Upload External Domains and IPs
* Wildcards and Domain Management
* Manage DNS Policies
* Add a DNS Policy
* Test a DNS Policy
* DNS Policy Settings
* DNS Policy Precedence
* Best Practices for DNS Policies
* Enable SafeSearch for DNS Policies
* Group Roaming Computers with Tags
* Manage the Web Policy
* Add a Ruleset to the Web Policy
* Add Rules to a Ruleset
* Test the Web Policy
* Web Policy Precedence
* Best Practices for the Web Policy and Rulesets
* Manage Global Settings
* Confirm SafeSearch for a Web Policy Ruleset
* Understand Isolated Destinations
* Monitor Bandwidth Usage in the App Discovery Report
* Manage the Data Loss Prevention Policy
* Add a Real Time Rule to the Data Loss Prevention Policy
* Understand Exclusions in a Real Time Rule
* Supported Applications
* Add a SaaS API Rule to the Data Loss Prevention Policy
* Discovery Scan
* Edit a Data Loss Prevention Rule
* Delete a Data Loss Prevention Rule
* Enable or Disable a Data Loss Prevention Rule
* Supported File and Form Types
* Manage the Firewall Policy
* Add a Firewall Rule
* Delete a Firewall Rule
* Configure IPS Settings for Firewall Policy
* Change a Firewall Priority
* Monitor Hit Count
* Edit Hit Count
* Review Firewall Logs in Reports
* Check Protocol of Firewall Traffic
* Manage IPS
* Add a Custom Signature List
* Delete a Custom Signature List
* Reset a Signature's Action
* Manage Security Settings
* Add a DNS Security Setting
* Add a Web Security Setting
* Dispute a Security Categorization
* DNS Security Categories
* Web Security Categories
* Third-party Security Integrations
* Set Up Custom Integrations
* Custom Integration Best Practices
* Manage Content Categories
* Add a DNS Content Category Setting
* Legacy DNS Content Category Definitions
* DNS Content Categories
* DNS Content Category Changes
* Add a Web Content Category Setting
* Web Content Categories
* Web Content Category Name Changes
* Migrate Content Categories
* Dispute a Content Categorization
* View Content Categories in Reports
* Manage Data Classifications
* Create a Data Classification
* Copy and Customize a Built-In Data Classification
* Delete or Edit a Classification
* Create an Exact Data Match Identifier
* Index Data for an EDM
* Exact Data Match Field Types
* Create an Indexed Document Match Identifier
* Built-In Data Classifications
* Built-In Data Identifiers
* Copy and Customize a Data Identifier
* Create a Custom Identifier
* Custom Regular Expression Patterns
* Individual Data Identifiers
* Manage Application Settings
* Add a DNS Application Setting
* Add a Web Application Setting
* Delete an Application Setting
* Application Categories
* Manage Advanced App Controls
* Manage Tenant Controls
* Add a Tenant Controls Setting
* Control Cloud Access to Microsoft 365
* Control Cloud Access to Google G Suite
* Control Cloud Access to Slack
* Control Cloud Access to Dropbox
* Review Tenant Controls Through Reports
* Manage Destination Lists
* Add a DNS Destination List
* Add a Web Destination List
* Add a SAML Bypass Destination List
* Edit a Destination List
* Add Destinations in Bulk
* Download Destinations to a CSV File
* Control Access to Custom URLs
* Wildcards and Destination Lists
* Add Top-Level Domains To Destination Lists
* Add Punycode Domain Name to Destination List
* Test Your Destinations
* Troubleshoot DNS Destination Lists
* Manage File Analysis
* Enable File Inspection for DNS Policies
* Enable File Inspection for the Web Policy
* Enable Cisco Secure Malware Analytics (Threat Grid)
* Test File Inspection
* Troubleshoot File Inspection
* Manage File Type Control
* Enable File Type Control
* File Types to Block
* Review File Type Controls Through Reports
* Manage Selective Decryption
* Add a Web Selective Decryption List
* Manage Schedule Settings for the Web Policy
* Add a New Schedule Setting for the Web Policy
* Manage Certificates
* Install the Cisco Umbrella Root Certificate
* Add Customer CA Signed Root Certificate
* Delete Customer CA Signed Root Certificate
* View Cisco Trusted Root Store
* Manage the Intelligent Proxy
* Enable the Intelligent Proxy
* Test the Intelligent Proxy
* Test Selective Decryption
* Review the Intelligent Proxy Through Reports
* Enable SSL Decryption
* Test SSL Decryption
* Manage Umbrella's PAC File
* Deploy Umbrella's PAC File for Windows
* Deploy Umbrella's PAC File for Mac
* Customize Umbrella's PAC File
* Manage Proxy Chaining
* Forwarded-For (XFF) Configuration
* Customize Block and Warn Pages
* Create a Custom Block Page
* Create a Custom Warn Page
* Allow Users to Contact an Administrator
* Add a Custom Logo
* Redirect to a Custom Block Page
* Block Page IP Addresses
* Set Up a Block Page Bypass User
* Create a Block Page Bypass Code
* Enable Block Page Bypass in a Policy
* Manage Tunnels
* Check Device Compatibility
* Add Network Tunnel Identity
* Supported IPsec Parameters
* Connect to Cisco Umbrella Through Tunnel
* Monitor Network Tunnel Status
* Network Tunnel Configuration
* Configure Tunnels with Catalyst SD-WAN cEdge and vEdge
* Configure Tunnels Automatically with Catalyst SD-WAN cEdge and vEdge
* Configure Tunnels with Meraki MX – Option 1
* Configure Tunnels with Meraki MX – Option 2
* Configure Tunnels with Cisco Adaptive Security Appliance (ASA)
* Configure Tunnels with Cisco ISR
* Configure IKEv2 IPsec Tunnel with Umbrella
* Configure Tunnels Automatically with Cisco ASA and CDO
* Configure Tunnels with Cisco Secure Firewall
* Configure Tunnels with Palo Alto IPsec
* Configure Tunnels with Alibaba Cloud IPsec
* Configure Tunnels with Palo Alto Prisma SDWAN
* Configure Tunnels with Cisco Router in AWS
* Configure Tunnels with Azure IPsec
* Configure Tunnels with Oracle Cloud IPsec
* Configure Tunnels with Google Cloud Platform IPsec
* Configure Tunnels with Sophos XG IPsec
* Configure Tunnels with Silver Peak
* Configure Tunnels with Fortinet IPsec
* Configure Tunnels with Checkpoint GAiA
* Manage Accounts
* Add a New Account
* Delete an Account
* Change Account Settings
* Hide Identities with De-identification
* Manage User Roles
* Add a New User
* Add a Custom User Role
* Manage API Keys
* Add Umbrella API Keys
* Add Umbrella Legacy API Keys
* Add Static API Keys
* Add KeyAdmin API Keys
* Manage Your Logs
* Upgrade Reports
* Enable Logging to Your Own S3 Bucket
* Enable Logging to a Cisco-managed S3 Bucket
* Change the Location of Event Data Logs
* Stop Logging
* Delete Logs
* Log Formats and Versioning
* Reports and CSV Formats
* Admin Audit Log Formats
* Cloud Firewall Log Formats
* Data Loss Prevention (DLP) Log Formats
* DNS Log Formats
* IPS Log Formats
* Web Log Formats
* Manage Authentication
* Enable Two-Step Verification
* Disable Two-Step Verification
* Enable Cisco Security Cloud Sign On (formerly SecureX SSO)
* Disable Cisco Security Cloud Sign On (formerly SecureX SSO)
* Get Started with Single Sign-On
* Enable SSO with Duo
* Enable SSO with PingID
* Enable SSO with Okta
* Enable SSO with OneLogin
* Enable SSO with Azure
* Enable SSO with Other IDPs
* Manage Cloud Malware Protection
* Enable Cloud Malware Protection
* Revoke Authorization for a Platform
* Enable Cloud Malware Protection for Dropbox Tenants
* Enable Cloud Malware Protection for Box Tenants
* Enable Cloud Malware Protection for Microsoft 365 Tenants
* Enable Cloud Malware Protection for Webex Teams Tenants
* Enable Cloud Malware Protection for Google Drive
* Manage SaaS API Data Loss Prevention
* Enable SaaS API Data Loss Protection for Google Drive Tenants
* Enable SaaS API Data Loss Protection for Webex Teams Tenants
* Enable SaaS API Data Loss Protection for Microsoft 365 Tenants
* Enable SaaS API Data Loss Protection for Dropbox Tenants
* Enable SaaS API Data Loss Protection for Box Tenants
IDENTITY INTEGRATIONS
* Introduction
* Configure SAML Integrations
* Prerequisites
* SAML Certificate Renewal Options
* Configure Azure AD for SAML
* Configure Okta for SAML
* Configure AD FS for SAML
* Configure Duo Security for Cisco Umbrella SAML
* Configure PingID for SAML
* Configure OpenAM for SAML
* Configure Other IdPs for SAML
* Enable IP Surrogates for SAML
* Configure SAML for Multiple EntityIDs
* Provision Identities from Active Directory
* Prerequisites
* Connect Multiple Active Directory Domains to Umbrella
* Connect Active Directory to Umbrella to Provision Users and Groups
* Change the Connector Account Password
* Communication Flow and Troubleshooting
* Provision Identities Through Manual Import
* Provision Identities from Azure AD
* Provision Identities from Okta
* Active Directory Integration with Virtual Appliances
* Prerequisites
* Active Directory User Exceptions
* Prepare Your Active Directory Environment
* Connect Active Directory to Umbrella VAs
* Multiple Active Directory and Umbrella Sites
* Change the Connector Account Password
* Communication Flow and Troubleshooting
REPORTS
* Get Started with Reports
* Export Report Data to CSV
* Bookmark and Share Reports
* Report Retention
* Schedule Reports
* Schedule a Report
* Update a Scheduled Report
* Overview Report
* Security Activity Report
* View Activity and Details by Filters
* View Activity and Details by Event Type or Security Category
* View an Event's Details
* Search for Security Activity
* Activity Search Report
* Use Search and Advanced Search
* App Discovery Report
* View the Highest Risk Apps
* Review Apps in the Apps Grid
* View App Details
* Change App Details
* Control Apps
* Advanced App Controls
* View Traffic Data Through SWG
* View CDFW Events
* Top Threats Report
* Threat Type Details
* Threat Type Definitions
* Total Requests Report
* Activity Volume Report
* Top Destinations Report
* Destination Details
* Top Categories Report
* Category Details
* Top Identities Report
* Identity Details
* Admin Audit Log Report
* Export Admin Audit Log Report to an S3 Bucket
* Cloud Malware Report
* Data Loss Prevention Report
ROAMING CLIENT USER GUIDE
* Introduction
* Prerequisites
* Download and Install the Roaming Client
* Verify Roaming Client Operation
* Configure DNS Policies for Roaming Computers
* Identity Support for the Roaming Client
* Status, States, and Functionality
* Virtual Appliances
* Troubleshooting
* Domain Management
* Configure Protected Networks for Roaming Computers
* Roaming Computers Settings
* Encryption and Authentication
* Command-line and Customization for Installation
* Remote Logging and Diagnostics
* macOS Mobile Device Management
UMBRELLA ROAMING SECURITY: CISCO SECURE CLIENT
* Introduction
* Frequently Asked Questions
* Secure Umbrella Roaming: Cisco Secure Client (Formerly AnyConnect)
* Quick Start Guide
* Prerequisites
* Before You Begin
* Deploy Umbrella for Cisco Secure Client
* Meraki Systems Manager (SM) Deployment
* Enable the Umbrella SWG Agent
* Install the Root Certificate
* IPv4 and IPv6 DNS Protection Status
* Interpret Diagnostics
* Customize Windows Installation of Cisco Secure Client
* Customize macOS Installation of Cisco Secure Client
* Active Directory Policy Enforcement and Identities
* Virtual Appliances
* Domain Management
* Configure Protected Networks for Roaming Computers
* Roaming Computer Settings
VIRTUAL APPLIANCE USER GUIDE
* Introduction
* Prerequisites
* Deployment Guidelines
* Importance of Running Two VAs
* Deploy Virtual Appliances
* Deploy VAs in Hyper-V for Windows 2012 or Higher
* Deploy VAs in VMware
* Deploy VAs in Microsoft Azure
* Deploy VAs in Amazon Web Services
* Deploy VAs in Google Cloud Platform
* Deploy VAs in KVM
* Deploy VAs in Nutanix
* Deploy VAs in Alibaba Cloud
* Configure Virtual Appliances
* Local DNS Forwarding
* Reroute DNS
* Update Virtual Appliances
* Virtual Appliance Sizing Guide
* SNMP Monitoring
* Troubleshoot Virtual Appliances
* Other Configurations
SITES AND INTERNAL NETWORKS
* Internal Networks Setup Guide
* Provision a Subnet for Your Virtual Appliance
* Manage Sites
* Manage Internal Networks
* Assign a DNS Policy to Your Site
MANAGED IOS
* Cisco Security Connector: Umbrella Setup Guide
* Quick Start
* Anonymize Devices
* Meraki Registration
* Verify Umbrella with Meraki
* Meraki Documentation
* Register an iOS Device Through Apple Configurator 2
* IBM MaaS360 Registration
* Intune Registration
* Jamf Registration
* MobiConnect Registration
* MobileIron Registration
* MobileIron Configuration
* Workspace ONE Registration
* Register an iOS Device Through a Generic MDM System
* Apply a DNS Policy to Your Mobile Device
* Umbrella Reporting
* Add User Identity for Cisco Security Connector
* Troubleshooting
* Push the Umbrella Certificate to Devices
* Configure Cellular and Wifi Domains
MANAGED ANDROID
* Cisco Secure Client (Android OS)
* Deploy the Android Client
* Android Configuration Download
* Cisco Meraki MDM
* MobileIron MDM
* VMware Workspace ONE
* Microsoft Intune MDM
* Samsung Knox MDM
* Push the Umbrella Certificate to Devices
* Manage Pop-Ups and App Controls
* Manage Identities
* Troubleshooting
* Frequently Asked Questions
UNMANAGED MOBILE DEVICE PROTECTION
* Umbrella Unmanaged Mobile Device Protection
* Administrator Actions
* End-User Actions
SIG UMBRELLA CHROMEBOOK CLIENT USER GUIDE
* Get Started with Umbrella for Chromebooks
* Cisco Umbrella Chromebook Client Prerequisites
* SWG Umbrella Chromebook Client Prerequisites
* G Suite Identity Service
* Deploy the Cisco Umbrella Chromebook Client
* Add a Chromebook Specific DNS Policy
* Enable Trusted Network Detection
* Deploy the SWG Umbrella Chromebook Client
* Add a Chromebook Specific Web Policy Ruleset
* Integrate the G Suite Identity Service
* SWG Umbrella Chromebook Client Protection Status
* Chromebook Clients FAQ
* G Suite Identity Service FAQ
CISCO SECURITY FOR CHROMEBOOK CLIENT
* Get Started
* Migration Scenarios
* Prerequisites
* Limitations
* Google Workspace Identity Service
* Integrate Google Workspace Identities
* Deploy the Chromebook Client
* Verify and Debug
* Protection Status
* Chromebook-Specific DNS Policy
* Chromebook-Specific Web Policy
* Chromebook Client - FAQs
* Google Workspace Identity Service FAQs
HARDWARE INTEGRATION
* Integration for ISR 4K and ISR 1100 – Security Configuration Guide
* Create a Legacy Network Devices API Token
* Wireless LAN Controller Integration
* Meraki Cloud-Managed Networks and Umbrella DNS
* Set Up Umbrella for a Meraki Network
* Configure DNS Forwarder for Umbrella
* Mobility Express Integration
* Configure Mobility Express for Umbrella
* Cisco SD-WAN Powered by Catalyst SD-WAN and Umbrella
* Integration for RV-series Routers
* Cisco Catalyst 9200 and Catalyst 9300 Switches
* Cisco DNA Center
* Cisco Secure Firewall
CISCO ADAPTIVE SECURITY APPLIANCES (ASA)
* Integration for ASA Overview
* Prerequisites
* Import the Digicert Certificate Authority
* Configure the Umbrella Connector
* Verify Operation
* Monitor the Umbrella Connector
* Delete an ASA
DEPLOY UMBRELLA FOR CISCO SECURE CLIENT
Suggest Edits
Deploying the Cisco Secure Client can be accomplished in two ways: Procedure and
VPN head-end-based Deployment. This guide will walk you through all the methods.
To start, select the steps for your chosen deployment method.
TABLE OF CONTENTS
* Procedure
* VPN Head-end Pushed Installation
PROCEDURE
DOWNLOAD THE CISCO SECURE CLIENT FROM UMBRELLA
1. Navigate to Deployments > Roaming Computers and click Roaming Client.
2. Select and download the Cisco Secure Client deployment packages that meet
the operating system requirements of the devices in your organization.
MANUAL INSTALLATION (MOST COMMON FOR EVALUATION)
* Initial deployments for evaluation occur when an admin downloads a copy of
the Cisco Secure Client (formerly AnyConnect) and manually installs it on the
system.
* At install, the client prompts the required modules. For Umbrella-only, check
Umbrella and DART, and install. For VPN as well, check Core/VPN, DART, and
Umbrella.
STANDARD INSTALLATION (MOST COMMON)
* Standard deployment consists of manual or mass installing the client with the
module MSI installer or with the wrapping setup EXE installer contained in
the client download ZIP file. To begin, download the prerequisite software:
* Download a copy of the Cisco Secure Client from software.cisco.com, or from
the Umbrella dashboard, see Quick Start Guide. Cisco Secure Client is
licensed for Umbrella use for all current Umbrella packages but may require
linking your contract ID to your Cisco account. For more information, see
Standalone Roaming Client vs AnyConnect Roaming Module
.
1. Download a copy of the configuration profile from the Umbrella Dashboard.
See Quick Start Guide.
2. Depending on your system, drop or push the file into the following
directory:
* seWindows: %ProgramData%\Cisco\Cisco Secure Client\Umbrella
or
* macOS: /opt/cisco/secureclient/umbrella/
If deploying after installing Cisco Secure Client, the folder structure will
already be in place. If deploying the OrgInfo.json before installing Cisco
Secure Client, you will need to create the folder before placing the file.
The client activates the Umbrella module once installed and OrgInfo.json is
present in the Umbrella directory.
> 🚧
>
> IMPORTANT
>
> When you deploy the OrgInfo.json file for the first time, it is copied to the
> data subdirectory (/umbrella/data), where several other registration files are
> also created. Therefore, if you need to deploy a replacement OrgInfo.json
> file, the data subdirectory must be deleted. Alternatively, you can uninstall
> the Umbrella Roaming Security module (which deletes the data subdirectory) and
> reinstall it with the new OrgInfo.json file.
>
> The OrgInfo.json has specific information about your Umbrella dashboard
> instance that lets the Roaming Security module know where to report to and
> which policies to enforce. If you use another OrgInfo.json file from a
> different dashboard to install the Roaming Security module, the client
> computer appears in that dashboard instead.
VPN HEAD-END PUSHED INSTALLATION
Cisco Secure Client may also be deployed from a Cisco Secure VPN head end such
as an ASA. Head end deployment is not available on Meraki MX devices for
Umbrella profiles.
Deploy the Module
To add the Umbrella module to your VPN profile, add “Umbrella” from ASDM or with
the following CLI command:
webvpn
anyconnect modules value umbrella
Deploy the Umbrella Profile
After configuring the module installation, the profile must be deployed as well.
Please refer to your deployment vector of choice:
ASA CLI
1. Upload the OrgInfo.json that you obtained from the Umbrella dashboard to the
ASA file system.
2. Run the following commands, adjusting the group-policy name as appropriate
for your configuration.
Note: The file name on the ASA is case sensitive. If you upload a file named
OrgInfo.json, you must maintain the case of the filename.
In the following example, you can configure the default group policy by setting
<Group_Policy_Name> to
DfltGrpPolicy.
webvpn
anyconnect profiles orginfo disk0:/OrgInfo.json
group-policy <Group_Policy_Name> attribute
webvpn
anyconnect profiles value orginfo type umbrella
group-policy <Group_Policy_Name> attributes
webvpn
anyconnect modules value umbrella
ASDM GUI
Note: ASDM 7.6.2 is required to configure the Roaming Security module through
the GUI.
1. Navigate to Configuration > Remote Access VPN > Network (Client) Access >
AnyConnect Client Profile.
2. Choose Add.
3. Give the profile a name.
4. Choose the Umbrella Security Roaming Client type from the Profile Usage
drop-down list. The OrgInfo.json file populates in the Profile Location
field.
5. Click Upload and browse to the location of the OrgInfo.json file downloaded
from the dashboard.
6. Associate it with the DfltGrpPolicy at the Group Policy drop-down list or
the policy of your choice. For more information about how to specify the new
module name in the group-policy,
see Enable Additional AnyConnect Modules.
ISE
1. Upload the OrgInfo.json from the Umbrella dashboard.
2. Rename the file OrgInfo.xml.
3. Follow the steps in Configure ISE to Deploy AnyConnect.
--------------------------------------------------------------------------------
Before You Begin < Deploy Umbrella for Cisco Secure Client > Meraki Systems
Manager (SM) Deployment
Updated 29 days ago
--------------------------------------------------------------------------------
Before You Begin
Meraki Systems Manager (SM) Deployment
Français (Canada)日本語
Powered by Localize
English