Troubleshoot Secure Client SWG Ignoring Hosts File Entries

Introduction

This document describes  how to troubleshoot Cisco Secure Client (CSC) Secure Web Gateway (SWG) clients ignoring Hosts File entries.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on Cisco Secure Client Secure Web Gateway.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Problem

Note: Cisco announced the End-of-Life of Cisco AnyConnect in 2023. Many Cisco Umbrella customers are already benefiting from migrating to Cisco Secure Client, and you are encouraged to begin migration as soon as possible to get a better roaming experience. Read more in this Knowledge Base article: How do I install Cisco Secure Client with the Umbrella Module?

In the Cisco Secure Client Secure Web Gateway (SWG), you created a hosts file entry and added the FQDN to Domain Management > External Domains & IPs, but your web browser is not fetching the destination per hosts file.

Solution

Destinations to domains with hosts file entries need to be bypassed by SWG proxy by adding the destination IP address to Domain Management > External Domains & IPs.

When you configure a domain name to bypass, Cisco Secure Client monitors DNS requests to find the IPs. If you have a hosts file entry, no DNS request can occur because the client uses the hosts file before DNS query.