browse
Introduction
The Cisco Secure Client with the Umbrella module provides robust protection from threats at the DNS layer for Android devices. This protection covers both apps and browser-based traffic. This guide explains how to deploy the Cisco Secure Client on Android devices using zero-touch deployment. It ensures seamless Umbrella protection by enabling Always On VPN via MDM Workspace One without manual intervention.
Note: In this article, we explain how to auto-accept the VPN connection for Umbrella and SEULA (Software End User License Agreement) requests within other MDMs such as Cisco Meraki and Microsoft Intune, eliminating the need for user intervention.
Prerequisites
- Ensure Android EMM registration and device enrollment with work profile creation are completed.
- The MDM app Hub should be visible under the work profile.
- Only assign and install the Cisco Secure Client after publishing and installing the Always On VPN profile to Intelligent Hub.
Deployment Steps
A. Create the Always On VPN Profile
1. Navigate to Profiles:
a. Go to Resources -> Profiles & Baselines -> Profiles.
b. Click the Add button to create a new profile
2. Profile Setup:
a. Select Android as the platform and choose the required Management Type.
3. Configure VPN Settings:
a. In the Profile section, go to VPN Setting and click the Add button.
b. Fill in the required fields:
i. Connection Type: Select Cisco AnyConnect.
ii. Server: Enter the URL cisco://local.
iii. Enable Always On VPN and configure other properties as needed.
iv. Enable Per-App VPN Rules.
v. Enable Set Active.
c. Click the Next button.
4. Assign Profile:
a. Leave the Smart Group empty.
b. Assign the profile to the necessary devices.
c. Select appropriate deployment values.
d. Click Save & Publish.
B. Assign the Cisco Secure Client App
1. Add the App:
a. Go to Resources -> Native -> Public.
b. Add the Cisco Secure Client if it's not already available. This will redirect you
to the Play Store. Select the Cisco Secure Client from there.
2. App Assignment:
a. Select the app and fill in the required values.
b. Move to the assignment section and create a new assignment.
3. Configure Distribution:
a. Enter necessary details in the Distribution section.
4. Enable Managed Access:
a. In the Restrictions tab, enable Managed Access.
5. Select Profile:
a. In the Tunnel option, select the profile created earlier ‘Always On VPN’ under
Android (Custom DPC). This enables Always On VPN for the device.
6. Application Configuration:
a. Fill in the required application configuration such as Org ID, Reg Token from
the Android Config File downloaded from the Umbrella Dashboard.
b. Enable Accept SEULA For Users to prevent users from manually accepting the SEULA banner.
c. Enable Always On VPN Mode for Umbrella Protection Only to allow the Cisco Secure Client to automatically manage Umbrella protection and seamlessly accept VPN connection requests when Umbrella protection is activated.
d. Block users from creating new VPN connections (leave the Host field empty as server details are taken from the profile).
7. Save and Publish:
a. Save the changes and publish the Cisco Secure Client app.
8. Push the Umbrella Certificate:
a. For more information, see push the umbrella certificate to devices.