End of Life for IP Layer Enforcement Feature of the Umbrella Roaming Clients.
Cisco Umbrella announces that IP Layer Enforcement will be end of life on July 31, 2022. IP Layer Enforcement is an optional feature for roaming clients made available with the Umbrella Intelligent Proxy for select Cisco Umbrella packages.
IP Layer Enforcement will no longer be included in Cisco Umbrella packages ordered by customers from and after August 31, 2021. For customers who previously ordered a package that contained the IP Layer Enforcement option, the feature will continue to work until July 31, 2022. Cloud-side services required to operate IP Layer Enforcement will be shut down on July 31, 2022.
Cisco Umbrella DNS Essentials and DNS Advantage packages provide a simple to deploy, easy to manage powerful DNS security solution. These DNS packages will continue to protect DNS subscribers against malicious servers for all connections that begin with an Umbrella DNS request (through DNS layer enforcement).
Cisco Umbrella Secure Internet Gateway (SIG) packages include even more advanced security coverage across all traffic (DNS, IP, web, and more). SIG includes a Secure Web Gateway (“SWG”) to analyze all traffic on web ports (IP or domain destinations), and a Cloud Delivered Firewall (“CDFW”) that layers on a cloud-based firewall in addition to SWG. This enhances the portfolio of Cisco cloud security efficacies far beyond DNS with IP Layer Enforcement, and beyond the requirement of endpoint software to deliver more-than-DNS protection. We encourage anyone who requires more-than-DNS coverage to consider the Umbrella SIG package.
Protect your network stack with Cisco Umbrella and speak with your Cisco Umbrella account manager today to learn more about the Cisco Secure Internet Gateway solution.
AnyConnect Version Support
IP Layer Enforcement will be supported on AnyConnect through the end of life date on version 4. Version 5.x will not support IP Layer Enforcement. The Cisco Secure Client branded client will not contain IP Layer Enforcement support. Existing AnyConnect users must continue use of the AnyConnect 4.x client to make use of IP Layer Enforcement functionality through the end-of-life date.
Cisco Secure Endpoint (formerly AMP) provides on-device protection against direct to IP threats. This includes functionality called "DFC" which evaluates new connections for new processes. This functionality is slated to grow to further supplant Umbrella IPLE functionality. Contact your account manager to discuss adding Cisco Secure Endpoint to your ELA.
SIG provides coverage for all web traffic on SWG and all public Internet traffic with Cloud Firewall. 95% of IPLE blocks are web traffic that is covered by SWG! (web traffic over TCP 443 and 80).