Reserved
|
Orange
|
Checking
Connection Status. The Umbrella module has not yet determined the
protection state.
|
This
operating state occurs during the following conditions:
-
When
the module is first activated.
-
When
a network interface change (such as detection of a new network adapter, IP
changes on an existing adapter, or a new VPN tunnel being established or torn
down) occurs.
|
Open
|
Yellow
|
You are not
currently protected by Umbrella.
Local Umbrella module DNS protection is not active due
to connectivity issues with the Umbrella resolvers. There is at least one
active network connection; however, the roaming client cannot connect to the
Umbrella service on any active connection.
The
system's DNS settings revert to their original settings (DHCP or Static).
|
This
operating state occurs during the following conditions:
-
No UDP
port 443 or UDP port 53 connectivity to Umbrella resolvers (208.67.222.222).
-
No
Umbrella DNS VA is configured on the local network.
-
The
VPN tunnel may temporarily be in a state of tear down or establishment.
|
Protected
|
Green
|
You are protected by
Umbrella. DNS queries are not encrypted. Local Umbrella module DNS
protection is active, and DNS requests are sent unencrypted to Umbrella
resolvers.
|
This
state may occur when the module is first activated or when there is a network
interface change.
|
Encrypted
|
Green
|
You are protected by
Umbrella. DNS queries are encrypted. Local Umbrella module DNS protection
is active, and DNS requests are sent encrypted to Umbrella resolvers.
|
This
operating state occurs during the following conditions:
|
Protected Network
|
Green
|
You are on a network
protected by Umbrella. Local Umbrella module DNS protection is not active
because the current endpoint network is protected using Umbrella resolvers. The
Roaming Client has reverted the DNS settings back to what was set via DHCP or
statically set. The connection is not Encrypted.
|
This
operating state occurs during the following conditions:
-
The
current endpoint network egress IP address is registered with the same Umbrella
account as the endpoint.
-
Resolvers used are the Umbrella cloud resolvers (208.67.222.222,
208.67.220.220).
-
Policy configured via Umbrella dashboard ("Disable Behind
Protected Networks") dictates that the Umbrella module should be disabled when
on a protected network.
Note
|
This state is not possible for all Cisco Umbrella Roaming
package customers because there is no network-level protection.
|
|
Behind
Virtual Appliance
|
Green
|
You are protected by an
Umbrella virtual appliance.
Local Umbrella module DNS protection is not active
because an Umbrella Virtual Appliance is configured as the on-premise DNS
resolver. The Roaming Client disables itself and reverts the DNS settings back
to what was set via DHCP or statically set. The connection is not Encrypted.
|
This
operating state occurs when the endpoint configured DNS address (via DHCP or
statically) is the Umbrella VA address.
|
Umbrella
Trusted Network State
|
Gray
|
Disabled while you are on a
trusted network.
Local Umbrella module DNS protection is not active
because the current endpoint network is configured as an Umbrella trusted
network.
|
This
operating state occurs during the following conditions:
|
VPN
Trusted Network State
|
Gray
|
Disabled while you are on a
trusted network. Local Umbrella module DNS protection is not active because
the current endpoint network is configured as an AnyConnect VPN trusted
network.
|
This
operating state occurs during the following conditions:
-
AnyConnect VPN module is reporting the Trusted Network Detection
state as trusted.
-
AnyConnect VPN tunnel is either not connected or established in
full tunnel mode.
-
The
policy configured via the Umbrella dashboard dictates that the Umbrella module
should be disabled when on an AnyConnect VPN trusted network.
Note
|
This setting is true for all roaming package customers and
cannot be changed by the administrator.
|
|
Disabled
Due to VPN State
|
Gray
|
Disabled while your VPN is
active.
Local Umbrella module DNS protection is not active
because the endpoint currently has an active AnyConnect VPN tunnel established.
|
This
operating state occurs during the following conditions:
-
AnyConnect VPN module is reporting the Trusted Network Detection
state as not trusted.
-
AnyConnect VPN tunnel is established in full tunnel mode.
-
Policy configured with the Umbrella dashboard dictates that the
Umbrella module should be disabled when an AnyConnect VPN tunnel is
established.
Note
|
This setting is true for all roaming package customers and
cannot be changed by the administrator.
|
|
No
OrgInfo.json State
|
Red
|
You are not currently
protected by Umbrella. Profile is missing. Local Umbrella module DNS
protection is not active because the endpoint currently has an active
AnyConnect VPN tunnel established.
|
This
operating state occurs when the OrgInfo.json file was not deployed to the
proper directory:
Windows:
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella
macOS: opt/cisco/anyconnect/umbrella
|
Agent
Unavailable State
|
Red
|
You are not currently
protected by Umbrella. Service unavailable. Local Umbrella module DNS
protection is not active because the Umbrella agent is not running.
|
This
operating state occurs when the Umbrella agent service is not currently running
(either due to a crash or manual service stop).
|
Missing
.NET Dependency State (Windows only)
|
Red
|
You are not currently
protected by Umbrella.
Microsoft 4.0 NET framework is not installed. Local
Umbrella module DNS protection is not active because the Umbrella agent is not
running. The .NET runtime framework is missing.
|
This
operating state occurs when the Umbrella agent service is not running due to a
missing .NET 4.0 runtime.
|