Virtual Appliances and the Umbrella Roaming Client
When you are using Virtual Appliances (VAs) for Internal Network or Active Directory visibility and granularity, Cisco Umbrella roaming client behavior changes. VAs act as DNS forwarders and send all public DNS requests to Cisco Umbrella and forward internal DNS requests to the network's internal DNS servers.
If a computer running the Umbrella roaming client enters a network with VAs set in DHCP's DNS settings, the Umbrella roaming client does the following:
- Disables itself (see note). The Umbrella roaming client is running but enters a "standby" state.
Note: IP Layer Enforcement is not disabled in this state and remains active (at this time the IPL test page incorrectly will state it is not enabled when you are behind a VA)
- The DNS servers revert to what is provided by the VAs
- Reporting in the Umbrella dashboard will show as the Internal Network IP or Active Directory identity of the user or computer and not as the Umbrella roaming client hostname.
Umbrella roaming client-specific policies will not be enforced until you roam onto a network without VAs.
This state is reflected in the Identities > Roaming Computers page of the dashboard. A roaming computer protected by a VA is green and states that it is protected by a VA.