The purpose of this document is to provide a high-level overview of the Cisco Umbrella roaming client, help you get started deploying the client to your organization’s Windows and Mac laptops (and desktop systems, if desired), and show you how to verify that it is working properly.
The Umbrella roaming client also has an optional integration with the Cisco AnyConnect client. This guide does not cover that integration, only the 'standalone' Umbrella roaming client software. For information about the AnyConnect integration, read here:
A Few Introductory Questions
What is it?
The Umbrella roaming client is a very lightweight DNS client that runs on your Windows or Mac OS X computers. It is not a VPN client or a local Anti-Virus engine. It allows Umbrella security and policy-based protection, including our Intelligent Proxy, to be enforced no matter which network you are connected to. Whether you're at the office, a hotel, a coffee shop, or using a mobile hotspot, the Umbrella roaming client enforces the policies you set in the Umbrella dashboard. Version 2.0+ includes the Umbrella IP Layer Enforcement tunnel (Insights or higher packages), which deploys an Umbrella VPN adapter used to enforce IP blocks. This VPN tunnel is not used for any traffic other than IP Layer Enforcement.
How does it work?
The Umbrella roaming client binds to 127.0.0.1:53 (localhost) and sets itself as the exclusive DNS server on every network connection on your computer. All public DNS queries are directed to the closest Umbrella data center, while local network resources are handled gracefully using Internal Domains.
The DNS queries sent through Umbrella are encrypted, authenticated, and subjected to security and content filtering as dictated by your organization's administrator. If the computer attempts to reach a domain name which either Umbrella or your organization's administrator considers unsafe, the computer's browser gets directed to a safe block page.
The Umbrella roaming client gracefully decides between several states under which to operate, depending on its environment.
The Umbrella roaming client does not store cached DNS records. It respects TTLs as set by the domain's DNS properties, just as a computer without the Umbrella roaming client normally would.
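Because the client is described above as the exclusive DNS server (127.0.0.1) on every network connection, one way to check an endpoint is to parse its resolver configuration and flag any connection that also lists another DNS server. The following is an added example, not Cisco code: it assumes the text layout printed by macOS `scutil --dns`, runs against a constructed sample, and uses hypothetical function names. A finding is a prompt to investigate, since the client operates in several states depending on its environment.

```python
import re

EXPECTED = {"127.0.0.1"}  # listener address stated on the page

# Constructed sample, in the layout printed by macOS `scutil --dns` (assumption).
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 127.0.0.1
  if_index : 6 (en0)

resolver #2
  domain   : local
  options  : mdns

resolver #3
  nameserver[0] : 127.0.0.1
  nameserver[1] : 192.0.2.53
  if_index : 9 (en5)
"""

def parse_resolvers(text):
    """Return one dict per resolver block: id, interface name, DNS servers."""
    resolvers = []
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"resolver #(\d+)", line):
            resolvers.append({"id": int(m.group(1)), "iface": None, "servers": []})
        elif not resolvers:
            continue  # header lines before the first resolver block
        elif m := re.fullmatch(r"nameserver\[\d+\]\s*:\s*(\S+)", line):
            resolvers[-1]["servers"].append(m.group(1))
        elif m := re.fullmatch(r"if_index\s*:\s*\d+\s*\((\S+)\)", line):
            resolvers[-1]["iface"] = m.group(1)
    return resolvers

def non_exclusive(text, expected=EXPECTED):
    """Return (id, iface, unexpected servers) for blocks using other DNS servers."""
    findings = []
    for r in parse_resolvers(text):
        extra = [s for s in r["servers"] if s not in expected]
        if extra:  # blocks with no nameserver (e.g. mDNS) are not findings
            findings.append((r["id"], r["iface"], extra))
    return findings

if __name__ == "__main__":
    for rid, iface, extra in non_exclusive(SAMPLE):
        print(f"resolver #{rid} ({iface}): unexpected DNS servers {extra}")
```

To run it against a live Mac, pass the captured output of `scutil --dns` to `non_exclusive()` in place of `SAMPLE`.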
Why should I use it?
With our traditional Network-based service, or with most traditional appliance-based network perimeter gateways, there are two limitations that are overcome with the Umbrella roaming client:
- Roaming / Off-network—If a laptop leaves the office and is not using a full-tunnel VPN at all times (which can be slow), the laptop is unprotected from threats and undesirable content while roaming outside of the network.
- Granular Reporting and Filtering—All the DNS traffic visible in your Umbrella Reports comes from a single network identity. Without Umbrella Virtual Appliances or Active Directory integration, you cannot identify which computer or IP address is requesting undesirable or malicious content.
The Umbrella roaming client provides computer-level granularity that is specified in Policies which you set up in the dashboard. Not only can you enforce different Security and Content Filtering settings on a per-computer basis, but you also see computer-level Reports.
Does it work with VPNs?
Yes! The Umbrella roaming client works with most split-tunnel and full-tunnel VPNs. In some cases, special settings must be applied to ensure the VPN's compatibility with the Umbrella roaming client. Read our VPNs and VPN Compatibility article for more information.
Can I still run Antivirus and Endpoint security software?
Yes! The Umbrella roaming client's only function is to handle DNS requests, so third-party security software should not interfere with the Umbrella roaming client. All the heavy processing is being done in the Umbrella data centers and in the cloud.
Check out the prerequisites for using the Umbrella roaming client before deploying: https://support.umbrella.com/hc/en-us/articles/230564527