The Cisco Security Connector (CSC) is known to not function correctly in the presence of some software and certain scenarios.
Under these conditions, the CSC will report "Protected" but web traffic may not apply policy
- VPNs. Per Apple design, the CSC will not receive any DNS packets for traffic bound for a VPN. This is expected behavior.
- Mobile Hotspot. Clients connected to an iPhone running a hotspot will not be covered by the CSC. The phone operating the hotspot will continue to have coverage.
- Wandera "Gateway". The Wandera proxy will be seen to Apple as a VPN like gateway, and therefore any traffic sent via Wandera will not receive CSC coverage. CSC will see many DNS requests to *.proxy.wandera.com as a sign wandera is active.