Are you planning to upgrade to macOS Big Sur, and do you use the roaming client for macOS? If so, please continue reading.
If you are an AnyConnect Roaming Security Module user, you are not affected and can stop reading. AnyConnect Umbrella modules are not affected by this issue.
Currently, Cisco is aware of two major incompatibilities between the standalone Umbrella Roaming Client and macOS Big Sur. These issues are due to a core change in the underlying way macOS handles networking.
Issue 1: Umbrella rapidly changes back and forth between Protected and Unprotected states
If Umbrella is on a macOS device with Big Sur that is using an IPv6 address, the roaming client state becomes inconsistent, changing frequently between Protected and Unprotected states.
If you are on 2.2.328 or earlier, the workaround is to disable IPv6. Note that setting IPv6 to link-local only is ineffective as a workaround: IPv6 must be disabled from the terminal. This workaround is a significant change which may impact connectivity on some networks. Please reach out to support if you need assistance in doing this.
A fix for this has been developed and is in the process of being rolled out. See the official release note for 2.2.616 for more information on rollout timing.
Issue 2: IP Layer Enforcement does not work correctly on Big Sur
IP Layer Enforcement can be enabled, but it does not properly activate on macOS devices with Big Sur.
This issue is being investigated, but there is currently no fix scheduled. At this time, IP Layer Enforcement is not compatible with macOS 11 (Big Sur).