Configure Umbrella Chromebook Client to Send User-IP Mappings to Umbrella VA

Available Languages

Download Options

  • PDF     (17.9 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (83.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (69.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 17, 2025
Document ID:225230

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to configure Umbrella Chromebook client to send user-IP mappings over a secure channel to an Umbrella Virtual Appliance. 

    Prerequisites

    Starting version 2.7, Umbrella Virtual Appliances can now receive GSuite user-IP mappings from each Umbrella Chromebook Client over HTTPS. For this functionality to work correctly, the Umbrella Virtual Appliance (VA) must be running version 2.7 or later, the Umbrella Chromebook Clients (UCC) must be running version 1.3.3 or higher. At least one of the configured VA needs to be configured as the DNS server of the Chromebook with UCC running.

    Use Plain (HTTP) VA Communication

    To use the plain (HTTP) communication between Cisco VA and UCC, you must add the “vaInfo” with the IP addresses of each VA in the configuration file. Refer to Example 1 for the sample configuration.

    Example 1: Use plain (HTTP) VA communication.

    "vaInfo": {
    "Value": [
    {
    "IP": "192.168.100.10"
    },
    {
    "IP": "192.168.100.11"
    }
    ]
    }

    Use Secure (https) VA Communication

    To encrypt the communication between Cisco VA and UCC, first refer to this link for information on enabling encrypted communication on VA: Configure Umbrella VA to Receive User-IP Mappings.

    Then, create Unique FQDN names for each VA in the network and add them to the configuration file, as shown in Example 2.


    Example 2: Use secure (https) VA communication.

    "vaInfo": {
    "Value": [
    {
    "FQDN": "myVA1.mydomain.com",
    "IP": "192.168.100.10"
    },
    {
    "FQDN": "myVA2.mydomain.com",
    "IP": "192.168.100.11"
    }
    ]
    }

    Lastly please make sure the certificate of each VA configured in this UCC configuration file is pushed to all Chromebook running UCC via the G-Suite admin console.

    Please note these important details:

    1. The new version UCC is back-compatible supporting the "vaIPs" in the configuration file which uses plain VA communication. No need to change the configuration file if HTTP communication is preferred.

    2. All VA FQDNs in these configuration files need to be resolved to the same IP in the internal DNS server configured for the VA.

    3. All parameters in the configuration file are case sensitive.

    Revision History

    Revision Publish Date Comments
    1.0
    17-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products