Are you planning to upgrade to MacOS Big Sur and are a user of the roaming client for MacOS? If so, please continue reading.
If you are an AnyConnect Roaming Security Module user - you are not affected and can stop reading. AnyConnect Umbrella modules are not affected by this issue.
Currently, Cisco is aware of an incompatibility between the Umbrella roaming client (standalone version only, bundled with AnyConnect not affected) and MacOS Big Sur in the presence of an IPv6 address. IPv4-only networks are not affected.
The impact of this issue causes the roaming client to inconsistently apply state, changing frequently between Protected and Unprotected (Checking states).
At this time we cannot recommend upgrading clients to Big Sur until a fix is available due to the ubiquity of IPv6 networks.
At this time there is no immediate solution on Big Sur other than disabling IPv6 temporarily. This issue is due to a core change in the underlying OS. Note that setting IPv6 to local-link only is ineffective as a workaround. This workaround is a significant change which may impact connectivity on some networks.
Cisco is targeting February 24, 2021 as the release date for this fix to production. Users will receive this update between February 24 and March 3, 2021.