The Cisco Umbrella roaming client binds to all network adapters' and changes DNS settings on the computer to 127.0.0.1 (localhost). This allows the Umbrella roaming client to forward all DNS queries directly to Umbrella while allowing resolution of local domains via the Internal Domains feature.
The following software and hardware either prevents these actions from happening or has a similar logic of requiring specific DNS settings in order to work. As such, we don't recommend running the Umbrella roaming client alongside any of the products mentioned below.
Please contact Support for further information or questions.
Blue Coat K9 Web Protection
Blue Coat K9 Web Protection does not allow DNS to be changed by a third-party application (like the Umbrella roaming client) and has no way of making exceptions in this regard. The Umbrella roaming client and K9 Web Protection cannot run on the same computer.
DNSMasq is software which caches DNS and runs as a system service. It binds to all network adapters on port 53 (the port DNS uses) and conflicts with the Umbrella roaming client
Kaspersky AV 184.108.40.2064.
The 2016 edition of Kaspersky AV is incompatible with version 220.127.116.114 on Windows 10 as it will interrupt the flow of DNS. Please update to version 18.104.22.1685 or newer.
Confirmation steps: Turn off the Umbrella roaming client or uninstall, point DNS to 22.214.171.124 and confirm that the issue continues. DNS tests "nslookup -type=txt debug.opendns.com" while this is set up will time out a portion of the time while Kaspersky is turned on, resulting in slow DNS resolution.
VOIP Phone Software
The following VOIP software reportedly does not work when the Umbrella roaming client is installed and running.
- Jive Mobility
- Counterpath X-Lite
- Megapath UC
For unknown reasons, some VOIP clients will fail to start or work properly when an application is bound to 127.0.0.1:53, which is what the Umbrella roaming client does. Although these VOIP clients don't seem to require binding to that IP:PORT, they fail to start regardless.
3G/4G HotSpots and Physical Adapters
The following list of 3G/4G HotSpots and physical network adapters have unalterable behavior in regard to DNS modification.
|Vodafone (Huawei) E272
|ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter
Some USB-based 3G/4G HotSpot devices and other miscellaneous devices use the same logic in their firmware or software as the Umbrella roaming client. The DNS server address on the client changes to something unexpected by the software or 3G/4G HotSpots, and they change the DNS setting back to the previous setting. The Umbrella roaming client then performs the same operation and changes any DNS servers back to 127.0.0.1.
The conflict will cause an endless cycle of the DNS servers for the VPN connection being reset. The result is a lack of reliable DNS resolution and incomplete protection from Umbrella security services.
At this time, we do not have any changes planned to accommodate these software programs and USB-based 3G/4G devices and adapters. In the future, we may implement compensating controls wherein the Umbrella roaming client will disable itself when it senses there is a conflicting component.