In this article we will review in detail what will happen after your subscription or trial expires.
At the end of the subscription or trial period, if you have not purchased the software, your organization is automatically downgraded to a DNS Monitoring account. DNS Monitoring is the most basic Cisco Umbrella offering and has far fewer features than our enterprise Umbrella offering.
- Your statistics in the reports continue to be logged as before (including security categorizations), for all identities (e.g. networks, Roaming clients, etc) that are still sending traffic to Umbrella.
- Access to the App Discovery and Destinations reports are removed.
- Policy enforcement is removed (includes roaming client):
- Category settings are no longer applied.
- Security settings are no longer applied. All security events will be allowed.
- All policy settings are hidden and deactivated. These are restored after subscribing to an Umbrella package.
- Only Networks and Network Devices can be managed from the dashboard—all other identities are hidden.
- No Block pages are displayed—DNS Monitoring accounts do not block any traffic.
Expiry of Secure Internet Gateway (SIG) Essentials
If you are a prospect customer, when your SIG Essentials subscription or trial expires, your security settings will be removed as per the above. You will still have access to a basic dashboard that will allow you to view your DNS traffic, but policies will not be applied.
If you are an existing Umbrella DNS Security customer trialing a SIG package, once the trial ends you will be reverted back to your previous pre-trial settings.
Any IPsec network tunnels and firewall rules will be retained for seven days. During this seven day period, IPsec network tunnels and firewall rules will not be applied, but the configurations will automatically be restored if the subscription is restored (purchased or trial extended). After these seven days, all IPsec network tunnels and firewall rules will automatically be deleted.
Required steps to remove all data from Umbrella
The following steps are required if you wish to remove some or all data stored by Umbrella.
To stop new DNS query data from being identified by Umbrella, you need to stop sending DNS data to Umbrella or remove any identities from the Dashboard that may still exist:
- Networks - Change your DNS settings to no longer forward queries to Umbrella, and delete the associated IPs from Deployments > Core Identities > Networks.
- Network Devices - Follow your manufacturer instructions to delete the Umbrella integration on your device. Delete the device from Deployments > Core Identities > Network Devices.
- Roaming Computers - Uninstall the Umbrella Roaming Client or the AnyConnect Umbrella Roaming Security Module from your machines. If you have been downgraded to DNS Monitoring, contact Support to have your Roaming Computer identities deleted. Note that if the clients have not been uninstalled from your machine, they will automatically re-register to the Umbrella Dashboard if deleted.
- Mobile Devices - Uninstall the iOS or Android app from your devices. If you have been downgraded to DNS Monitoring, contact Support to have your Mobile Device identities deleted. Note that if the apps have not been uninstalled from your machine, they will automatically re-register to the Umbrella Dashboard if deleted.
- Virtual Appliance - Delete the virtual machine hosting the VA from your hypervisor. If you have been downgraded to DNS Monitoring, contact Support to have your Virtual Appliance identities deleted.
- Active Directory Integration - Uninstall the Umbrella AD Connector services from your domain controllers. Contact Support to have your AD identities deleted. Note that if the Connectors have not been uninstalled from your machine, they will automatically repopulate the AD identities to the Umbrella Dashboard if deleted.
- Internal Networks - Delete the Internal Networks identities from Deployments > Configuration > Internal Networks.
At this time, existing request data cannot be removed from the Umbrella Dashboard. All data is automatically expired 1 year after being received.
To remove user accounts from your Umbrella organization, remove them from Admin > Accounts. Note that this will only remove the user from your organization, it does not remove them from Umbrella generally. Users who wish to be completely removed from Umbrella can contact Umbrella Support or firstname.lastname@example.org.
If you are using SAML for authentication, disable SAML from Admin > Authentication.
To end Amazon S3 uploads, go to Admin > Log Management, and click 'Stop Logging' from the Amazon S3 section.
To delete API keys, go to Admin > API Keys, expand the API key in question, and click 'Delete'.