Cisco Bug: CSCvt75904 - OSX: Umbrella stuck in reserved state on macOS

Last Modified

Aug 27, 2020

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

4.8(3043)

Description (partial)

Symptom:
When a firewall rule is applied to block UDP port 53 and 443 traffic on a macOS client machine with the AnyConnect VPN and Umbrella modules, the state observed is "Reserved" instead of "Unprotected".

Conditions:
1. Install AnyConnect VPN and Umbrella modules on macOS client.
2. Copy the OrgInfo.json profile to the /opt/cisco/anyconnect/umbrella folder.
3. Launch AnyConnect Statistics window to see that DNS Protection status for both v4 and v6 is "Protected" and DNS Encryption is "On".
4. Edit the firewall settings of the gateway router, or use the packet filter utility on macOS.
5. Add rules to block UDP port 53 and 443 traffic to the Umbrella resolvers (208.67.0.0/16, 2620:119:35::35 and 2620:119:53::53).
6. Enable the rules and observe that Umbrella goes into the "Reserved" state instead of "Unprotected". Browse to a malicious website (e.g. www.internetbadguys.com) to check whether the protection is disabled.
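
The rules from steps 4 and 5 written for the macOS packet filter (pf), as an added example that is not part of the Cisco bug record. The table name `umbrella_resolvers` is a hypothetical label; the addresses and ports are the ones listed in the conditions above.

```shell
#!/bin/sh
# Added example (not Cisco's): emit a pf ruleset for steps 4-5 of the repro,
# for use on a dedicated test machine when verifying the reported state.
# Resolver ranges and ports are the ones listed in the bug's conditions.
UMBRELLA_RESOLVERS="208.67.0.0/16 2620:119:35::35 2620:119:53::53"
BLOCKED_UDP_PORTS="53 443"

# join_list "a b c" prints "a, b, c" (pf list syntax inside braces).
join_list() {
    out=""
    for item in $1; do
        if [ -z "$out" ]; then out="$item"; else out="$out, $item"; fi
    done
    printf '%s' "$out"
}

# Print the ruleset on stdout; fail if a port is not a plain number.
umbrella_block_rules() {
    for p in $BLOCKED_UDP_PORTS; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
    done
    # One table holds both the IPv4 range and the two IPv6 resolvers.
    printf 'table <umbrella_resolvers> const { %s }\n' \
        "$(join_list "$UMBRELLA_RESOLVERS")"
    # No address family is given, so the rule covers IPv4 and IPv6.
    printf 'block drop out quick proto udp from any to <umbrella_resolvers> port { %s }\n' \
        "$(join_list "$BLOCKED_UDP_PORTS")"
}

# Typical use on the test machine (file name is a placeholder):
#   umbrella_block_rules > umbrella_repro.pf.conf
#   pfctl -n -f umbrella_repro.pf.conf   # parse only, nothing is loaded
```

After loading the ruleset with pf enabled, the state to compare against is the one in the Symptom: "Reserved" reproduces the bug, "Unprotected" is the expected result.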
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
