Articles in this section

CSC and Additional MDMs

Avatar
Alexander Harrison
  • Updated
Follow

Overview

 

 

The Cisco Security Connector (CSC) for iOS is full Umbrella DNS protection for your iPhone. Before consulting this guide for deployments, please read our CSC deployment guide. Your device must be in the supervised mode to utilize the CSC. 

This document overviews additional mobile device management (MDM) software support for the CSC. These MDMs have been validated by a successful deployment, but are not yet present on the Dashboard directly. 

 

All MDMs

 

 

The following steps apply for deployment to all MDMs. Please follow these steps first!

  1. Ensure your admin email address is added to the dashboard under the Mobile Devices page, settings option
  2. Download the Umbrella Root CA .cer file for use on the iOS device. This certificate allows for errorless HTTPS block pages. To obtain the Root CA:
    1. Navigate to Policies > Root Certificate.
    2. Click "Download Certificate".
    3. Save as a .cer file.

 

Mobile Iron Cloud

 

 

Currently, the Mobile Iron download on the dashboard supports the on prem version only. The Cloud version utilizes different device variables than the on premise software. Deployment is very similar to on prem, with several exceptions. To deploy to Mobile Iron Cloud:

  1. Ensure your admin email address is added to the dashboard under the Mobile Devices page, settings option.
  2. Download the Mobile Iron profile from the Umbrella dashboard.
  3. Replace the variable “$DEVICE_SN$” to ${deviceSN} 
  4. Replace the variable “$DEVICE_MAC$” to ${deviceWifiMacAddress} (This is for Clarity)

 

JAMF

 

 

Deploying the CSC with JAMF requires significant profile modification. Follow the steps below to deploy the CSC with JAMF MDM.  

  1. Looking for a step by step guide with images? See the attached JAMF PDF!
  2. Ensure your admin email address is added to the dashboard under the Mobile Devices page, settings option.
  3. Add the root CA
    1. New > Certificate.
    2. Configure.
    3. Provide a name for the certificate select Upload Certificate.
    4. Upload the .cer from above.
    5. Upload, leaving the password field blank.
    6. Apply to the scope of your devices to push out this certificate.
  4. Download the generic profile from the Umbrella dashboard
  5. Using JAMF Pro v.10.2.0 or higher? Skip this step. You may import as-is, just add the following.
    <key>serialNumber</key>
    <string>$SERIALNUMBER</string>
    <key>label</key>
    <string>$DEVICENAME</string>
    1. Using a lower JAMF version? Edit the XML profile extensively as follows in this example profile. Remove any red, bold text and add any blue, italic underlined text. Do not copy this example, it is not functional as-is. Only use the generic download configuration from your dashboard.  

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
      <key>PayloadContent</key>
      <array>
      <dict>
      <key>AppBundleIdentifier</key>
      <string>com.cisco.ciscosecurity.app</string>
      <key>PayloadDescription</key>
      <string>Cisco Umbrella</string>
      <key>PayloadDisplayName</key>
      <string>Cisco Umbrella</string>
      <key>PayloadIdentifier</key>
      <string>com.apple.dnsProxy.managed.DBE2A157-E134-3E8C-B4FB-23EDF48A0CD1</string>
      <key>PayloadType</key>
      <string>com.apple.dnsProxy.managed</string>
      <key>PayloadUUID</key>
      <string>59401AAF-CDBF-4FD7-9250-443A58EAD706</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>ProviderBundleIdentifier</key>
      <string>com.cisco.ciscosecurity.app.CiscoUmbrella</string>
      <key>ProviderConfiguration</key>
      <dict>
      <key>disabled</key>
      <false/>
      <key>internalDomains</key>
      <array>
      <string>10.in-addr.arpa</string>
      <string>16.172.in-addr.arpa</string>
      <string>17.172.in-addr.arpa</string>
      <string>18.172.in-addr.arpa</string>
      <string>19.172.in-addr.arpa</string>
      <string>20.172.in-addr.arpa</string>
      <string>21.172.in-addr.arpa</string>
      <string>22.172.in-addr.arpa</string>
      <string>23.172.in-addr.arpa</string>
      <string>24.172.in-addr.arpa</string>
      <string>25.172.in-addr.arpa</string>
      <string>26.172.in-addr.arpa</string>
      <string>27.172.in-addr.arpa</string>
      <string>28.172.in-addr.arpa</string>
      <string>29.172.in-addr.arpa</string>
      <string>30.172.in-addr.arpa</string>
      <string>31.172.in-addr.arpa</string>
      <string>168.192.in-addr.arpa</string>
      <string>local</string>
      <string>cisco.com</string>
      </array>
      <key>logLevel</key>
      <string>{pre-filled in the download}</string>
      <key>orgAdminAddress</key>
      <string>{pre-filled in the download}</string>
      <key>organizationId</key>
      <string>{pre-filled in the download}</string>
      <key>regToken</key>
      <string>{pre-filled in the download}</string>
      <key>serialNumber</key>
      <string>$SERIALNUMBER</string>
      <key>label</key>
      <string>$DEVICENAME</string>
      </dict>
      </dict>
      </array>
      <key>PayloadDisplayName</key>
      <string>Cisco Security</string>
      <key>PayloadIdentifier</key>
      <string>com.cisco.ciscosecurity.app.CiscoUmbrella.{pre-filled in the download}</string>
      <key>PayloadRemovalDisallowed</key>
      <false/>
      <key>PayloadType</key>
      <string>Configuration</string>
      <key>PayloadUUID</key>
      <string>{pre-filled in the download}</string>
      <key>PayloadVersion</key>
      <integer>{pre-filled in the download}</integer>
      </dict>
      </plist>
  6. Import to JAMF:
    1. Under the main MDM configuration window, click New to create a new profile.
      Note: This must be a separate profile and must not be used with the certificate profile created above. In order for the app to work, these two profiles must be pushed to the device separately.
    2. Name the profile and scroll to DNS Proxy.
    3. Click Configure under the DNS proxy.
    4. Set the proxy configuration to Umbrella details:

      1. Set APP BUNDLE ID:
        com.cisco.ciscosecurity.app

      2. Set PROVIDER BUNDLE ID:
        com.cisco.ciscosecurity.app.CiscoUmbrella

      3. Paste the edited XML content from Umbrella
        into the PROVIDER CONFIGURATION
        XML section.

    5. Click Scope and apply to the proper scope of devices.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.