Overview
This article gives a basic understanding of the states of the DNS and SWG modules of the AnyConnect VPN + Roaming Security Module when SIG/SWG is used in various scenarios with different dashboard settings enabled.
Terminology and References
The acronyms and terminology used in the charts in this article are listed here, each with a link to the article that discusses the feature further:
Traffic Forwarding on Umbrella Protected Networks: https://support.umbrella.com/hc/en-us/articles/230560847-Umbrella-Roaming-Client-Protected-Networks
AnyConnect VPN Trusted Network Detection (AC VPN TND): https://docs.umbrella.com/deployment-umbrella/docs/appendix-e-roaming-computer-settings#section-any-connect-roaming-client-tab
AnyConnect VPN Full-Tunnel VPN (AC Full-Tunnel VPN): https://docs.umbrella.com/deployment-umbrella/docs/appendix-e-roaming-computer-settings#section-any-connect-roaming-client-tab
Trusted Network Domain (Probe domain): https://support.umbrella.com/hc/en-us/articles/230901168-Umbrella-Roaming-Client-How-it-Works-on-Your-Company-Network
States
The current states for DNS protection of the AnyConnect VPN + Roaming Security Module and the corresponding definitions can be found here.
The charts below show the states of the DNS and SWG modules of the AnyConnect VPN + Roaming Security Module for each scenario, along with the outcome. In every scenario, both the DNS and SWG module options were selected for the dashboard settings AC VPN TND, AC Full-Tunnel VPN, and Traffic Forwarding on Umbrella Protected Networks:
Scenario 1
Traffic Forwarding on Umbrella Protected Networks | Enabled in Dashboard | |||
AC VPN TND | Enabled in Dashboard | |||
AC Full-Tunnel VPN | Enabled in Dashboard | |||
PC currently connected to VPN (Split or Full) | No | |||
Trusted Network Domain (Probe domain) | Yes | Yes | No | No |
DNS pointing to | Internal DNS Server (holding probe domain entry) | VA | Internal DNS Server | VA |
DNS Protection Status | Disabled (trusted network) | Protected (virtual appliance) | Protected | Protected (virtual appliance) |
Web Protection Status | Disabled (trusted network) | Disabled | Protected | Disabled |
Scenario 2
Traffic Forwarding on Umbrella Protected Networks | Enabled in Dashboard | |||
AC VPN TND | Enabled in Dashboard | |||
AC Full-Tunnel VPN | Disabled in Dashboard | |||
PC currently connected to VPN (Split or Full) | No | |||
Trusted Network Domain (Probe domain) | Yes | Yes | No | No |
DNS pointing to | Internal DNS Server (holding probe domain entry) | VA | Internal DNS Server | VA |
DNS Protection Status | Disabled (trusted network) | Protected (virtual appliance) | Protected | Protected (virtual appliance) |
Web Protection Status | Disabled (trusted network) | Disabled | Protected | Disabled |
Scenario 3
Traffic Forwarding on Umbrella Protected Networks | Enabled in Dashboard | |||
AC VPN TND | Disabled in Dashboard | |||
AC Full-Tunnel VPN | Enabled in Dashboard | |||
PC currently connected to VPN (Split or Full) | No | |||
Trusted Network Domain (Probe domain) | Yes | Yes | No | No |
DNS pointing to | Internal DNS Server (holding probe domain entry) | VA | Internal DNS Server | VA |
DNS Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Protected (virtual appliance) |
Web Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Disabled |
Scenario 4
Traffic Forwarding on Umbrella Protected Networks | Enabled in Dashboard | |||
AC VPN TND | Disabled in Dashboard | |||
AC Full-Tunnel VPN | Disabled in Dashboard | |||
PC currently connected to VPN (Split or Full) | No | |||
Trusted Network Domain (Probe domain) | Yes | Yes | No | No |
DNS pointing to | Internal DNS Server (holding probe domain entry) | VA | Internal DNS Server | VA |
DNS Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Protected (virtual appliance) |
Web Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Disabled |
Scenario 5
Traffic Forwarding on Umbrella Protected Networks | Disabled in Dashboard | |||
AC VPN TND | Enabled in Dashboard | |||
AC Full-Tunnel VPN | Enabled in Dashboard | |||
PC currently connected to VPN (Split or Full) | No | |||
Trusted Network Domain (Probe domain) | Yes | Yes | No | No |
DNS pointing to | Internal DNS Server (holding probe domain entry) | VA | Internal DNS Server | VA |
DNS Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Protected (virtual appliance) |
Web Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Disabled |
Scenario 6
Traffic Forwarding on Umbrella Protected Networks | Disabled in Dashboard | |||
AC VPN TND | Enabled in Dashboard | |||
AC Full-Tunnel VPN | Disabled in Dashboard | |||
PC currently connected to VPN (Split or Full) | No | |||
Trusted Network Domain (Probe domain) | Yes | Yes | No | No |
DNS pointing to | Internal DNS Server (holding probe domain entry) | VA | Internal DNS Server | VA |
DNS Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Protected (virtual appliance) |
Web Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Protected |
Scenario 7
Traffic Forwarding on Umbrella Protected Networks | Disabled in Dashboard | |||
AC VPN TND | Disabled in Dashboard | |||
AC Full-Tunnel VPN | Enabled in Dashboard | |||
PC currently connected to VPN (Split or Full) | No | |||
Trusted Network Domain (Probe domain) | Yes | Yes | No | No |
DNS pointing to | Internal DNS Server (holding probe domain entry) | VA | Internal DNS Server | VA |
DNS Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Protected (virtual appliance) |
Web Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Disabled |
Scenario 8
Traffic Forwarding on Umbrella Protected Networks | Disabled in Dashboard | |||
AC VPN TND | Disabled in Dashboard | |||
AC Full-Tunnel VPN | Disabled in Dashboard | |||
PC currently connected to VPN (Split or Full) | No | |||
Trusted Network Domain (Probe domain) | Yes | Yes | No | No |
DNS pointing to | Internal DNS Server (holding probe domain entry) | VA | Internal DNS Server | VA |
DNS Protection Status | Disabled (trusted network) | Disabled (trusted network) | Protected | Protected (virtual appliance) |
Web Protection Status | Protected | Protected | Protected | Protected |
Support
If you have any further questions or issues, please contact support at umbrella-support@cisco.com or https://support.umbrella.com/tickets/new.