Understand Umbrella Roaming Client in Guest Protected Networks

Available Languages

Download Options

  • PDF     (153.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (219.0 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (176.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 3, 2025
Document ID:225135

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes Umbrella Roaming Client behavior in guest protected networks.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Components Used

    The information in this document is based on Cisco Umbrella Roaming Client.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Overview

    This article discusses how a laptop with the Umbrella Roaming Client or AnyConnect with the Roaming Security Module behaves when under a guest protected network (in other words, when the laptop uses a network registered to another Umbrella organization).

    Additional information: Umbrella Policy Selection Involving Multiple Organizations 

    Behavior

    In most cases when an Umbrella roaming client visits another organization or a guest protected network, the roaming client is set to remain active and can honor the policies of its home organization. However, there are caveats:

    If the roaming client is part of its home organization default policy (with lower priority or policy number 0), the roaming client can then use the policy of the guest organization due to it being in a higher policy. For more information regarding policy precedence, please read the Umbrella documentation: Policy Precedence

    Prevent Umbrella Roaming Client from Using Guest Organization Policy

    To prevent the Umbrella roaming client from using the guest organization policy, it is necessary to create a new policy for the Umbrella roaming client that has higher priority than the default policy:

    1. Log in to the Umbrella dashboard.

    2. Select Policies >ManagementAll Policies.

    3. in the All Policies screen, select Add (+ icon) to add a new policy.

    Policies360002286863

    4. Select the Roaming Computer identity, then select Next.

    .Add Policy360002286066

    5. Configure the rest of the policy settings as desired.

    6. Save the new policy.

    Revision History

    Revision Publish Date Comments
    1.0
    03-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products