Overview
This document covers the steps to deploy the Cisco Secure Client Umbrella module on macOS computers, either with the Core VPN module visible to users or with the Umbrella module installed as a Standalone App.
Prerequisites:
- Access to Umbrella Dashboard.
- Access to the Cisco software download page.
- AnyConnect Umbrella Module Profile (orginfo.json).
- A macOS supported platform: macOS 13, macOS 12, 11.2, 10.15, and 10.14 (all 64-bit).
- (Optional but highly recommended) Umbrella Root Certificate installed. This is used in the testing section when we visit a site that has been blocked by our DNS/SWG policy. For further details of the Root Certificate installation, click here.
Umbrella Module with visible VPN AnyConnect module
1. Start by downloading the proper Secure Client package for macOS. The software can be found here. Find below a screenshot of the one we need to download for any manual/in-tune install:
2. Download the OrgInfo.json file from your dashboard. This file is unique to your dashboard, so make sure it is not shared with any ORG ID other than yours.
3. Change the installer image to read/write by either running Disk Utility or using the Terminal application, as follows: hdiutil convert <source dmg> -format UDRW -o <output dmg>
4. Open the newly converted dmg file and open the "Profiles" folder. Here we need to do the following: click on "Profiles", then on the Umbrella folder, and drop in the OrgInfo.json file you just downloaded from your dashboard.
5. Proceed with the installation of the Umbrella module.
6. After it has been installed, the two modules are visible: the AnyConnect VPN and the Umbrella Roaming Security.
NOTE: if step #4 is skipped, you can also copy the OrgInfo.json file manually to the following location on the computer: /opt/cisco/secureclient/umbrella.
Umbrella Module as a Standalone App
1. Start by downloading the proper Secure Client package for macOS. The software can be found here. Find below a screenshot of the one we need to download for any manual/in-tune install:
2. Download the OrgInfo.json file from your dashboard. This file is unique to your dashboard, so make sure it is not shared with any ORG ID other than yours.
3. Change the installer image to read/write by either running Disk Utility or using the Terminal application, as follows: hdiutil convert <source dmg> -format UDRW -o <output dmg>
4. Open the newly converted dmg file and open the "Profiles" folder. Here we need to perform two steps:
a. Edit ACTransforms.xml and make sure <DisableVPN> is set to true and that it is uncommented.
b. Click on "Profiles", then on the Umbrella folder, and drop in the OrgInfo.json file you just downloaded from your dashboard.
5. Proceed with the installation of the Umbrella module.
6. After it has been installed, only the Umbrella module is visible:
NOTE: if step "#4 section b" is skipped, you can also copy the OrgInfo.json file manually to the following location on the computer: /opt/cisco/secureclient/umbrella.
Scripted Installation
The package can be installed in an automated fashion using scripts or endpoint management software. However, when the package is run in an unattended way all Secure Client modules will be installed (by default).
The attached file install_choices.xml configures Secure Client to only install the required core VPN module and Umbrella modules.
To control the installed modules you can supply the install_choices.xml as an installer argument.
# Attach DMG
hdiutil attach ~/Downloads/csc-readable.dmg
# Run the installer with supplied install_choices.xml
sudo installer -pkg Cisco\ Secure\ Client\ <version>/Cisco\ Secure\ Client.pkg -applyChoiceChangesXML ~/Downloads/install_choices.xml -target /
For more details see Customize MacOS installation of Secure Client.
Verification
- Try going to welcome.umbrella.com and make sure you are protected:
- Try going to any of our test destinations and make sure you are protected by Umbrella.
- On your Umbrella dashboard, check that the computer has successfully synced to Umbrella and been imported as a Roaming Client Computer: