browse
Overview
In this article we will review in detail what will happen after your subscription or trial expires.
Note:
In order to renew your subscription, or to purchase or extend your trial please contact your Account Manager. If you do not know their contact information please contact Sales: https://umbrella.cisco.com/contact-us.
Explanation
At the end of the subscription or trial period, if you have not purchased the software, your organization is automatically downgraded to a DNS Monitoring account. DNS Monitoring is the most basic Cisco Umbrella offering and has far fewer features than our enterprise Umbrella offering.
Note:
DNS resolution continues to function even after the subscription or trial has expired. Internet connectivity is not lost and websites will not cease resolving.
- Your statistics in the reports continue to be logged as before (including security categorizations), for all identities (e.g. networks, Roaming clients, etc) that are still sending traffic to Umbrella.
- Access to the App Discovery and Destinations reports are removed.
- Policy enforcement is removed (includes roaming client):
- Category settings are no longer applied.
- Security settings are no longer applied. All security events will be allowed.
- All policy settings are hidden and deactivated. These are restored after subscribing to an Umbrella package.
- Only Networks and Network Devices can be managed from the dashboard—all other identities are hidden.
- No Block pages are displayed—DNS Monitoring accounts do not block any traffic.
Roaming Client:
DNS resolution and DNS encryption will remain functional (without policy application) after a subscription or trial expires; however, an up to date internal domains list is required to ensure your local domains continue to resolve. The Umbrella roaming clients will continue to sync the internal domains list as defined at expiry. No modifications to the internal domains list can be made after expiry (if you require a modification, and will resubscribe, write us at umbrella-support@cisco.com. Not planning to resubscribe? Uninstall the roaming client). Importantly, existing internal domain resolution will not be affected by the expiring of a subscription or trial.
We are unable to support the roaming client without an active subscription.
Looking for just free DNS encryption to Umbrella with your DNS Monitoring package? See the DNScrypt project.
Expiry of Secure Internet Gateway (SIG) Essentials
If you are a prospect customer, when your SIG Essentials subscription or trial expires, your security settings will be removed as per the above. You will still have access to a basic dashboard that will allow you to view your DNS traffic, but policies will not be applied.
If you are an existing Umbrella DNS Security customer trialing a SIG package, once the trial ends you will be reverted back to your previous pre-trial settings.
Any IPsec network tunnels and firewall rules will be retained for seven days. During this seven day period, IPsec network tunnels and firewall rules will not be applied, but the configurations will automatically be restored if the subscription is restored (purchased or trial extended). After these seven days, all IPsec network tunnels and firewall rules will automatically be deleted.
Required steps to remove all data from Umbrella
The following steps are required if you wish to remove some or all data stored by Umbrella.
To stop new DNS query data from being identified by Umbrella, you need to stop sending DNS data to Umbrella or remove any identities from the Dashboard that may still exist:
- Networks - Change your DNS settings to no longer forward queries to Umbrella, and delete the associated IPs from Deployments > Core Identities > Networks.
- Network Devices - Follow your manufacturer instructions to delete the Umbrella integration on your device. Delete the device from Deployments > Core Identities > Network Devices.
- Roaming Computers - Uninstall the Umbrella Roaming Client or the AnyConnect Umbrella Roaming Security Module from your machines. If you have been downgraded to DNS Monitoring, contact Support to have your Roaming Computer identities deleted. Note that if the clients have not been uninstalled from your machine, they will automatically re-register to the Umbrella Dashboard if deleted.
- Mobile Devices - Uninstall the iOS or Android app from your devices. If you have been downgraded to DNS Monitoring, contact Support to have your Mobile Device identities deleted. Note that if the apps have not been uninstalled from your machine, they will automatically re-register to the Umbrella Dashboard if deleted.
- Virtual Appliance - Delete the virtual machine hosting the VA from your hypervisor. If you have been downgraded to DNS Monitoring, contact Support to have your Virtual Appliance identities deleted.
- Active Directory Integration - Uninstall the Umbrella AD Connector services from your domain controllers. Contact Support to have your AD identities deleted. Note that if the Connectors have not been uninstalled from your machine, they will automatically repopulate the AD identities to the Umbrella Dashboard if deleted.
- Internal Networks - Delete the Internal Networks identities from Deployments > Configuration > Internal Networks.
At this time, existing request data cannot be removed from the Umbrella Dashboard. All data is automatically expired 1 year after being received.
To remove user accounts from your Umbrella organization, remove them from Admin > Accounts. Note that this will only remove the user from your organization, it does not remove them from Umbrella generally. Users who wish to be completely removed from Umbrella can contact Umbrella Support or privacy@cisco.com.
If you are using SAML for authentication, disable SAML from Admin > Authentication.
To end Amazon S3 uploads, go to Admin > Log Management, and click 'Stop Logging' from the Amazon S3 section.
To delete API keys, go to Admin > API Keys, expand the API key in question, and click 'Delete'.