Cisco Bug: CSCvt75904 - OSX: Umbrella stuck in reserved state on macOS
Aug 27, 2020
- Cisco AnyConnect Secure Mobility Client
Known Affected Releases
Symptom: When a firewall rule is applied to block UDP port 53 and 443 traffic on a macOS client machine with the AnyConnect VPN and Umbrella modules, the state observed is "Reserved" instead of "Unprotected".

Conditions:
1. Install the AnyConnect VPN and Umbrella modules on the macOS client.
2. Copy the OrgInfo.json profile to the /opt/cisco/anyconnect/umbrella folder.
3. Launch the AnyConnect Statistics window to see that the DNS Protection status for both v4 and v6 is "Protected" and DNS Encryption is "On".
4. Edit the firewall settings of the gateway router, or try the packet filter utility on macOS.
5. Add rules to block UDP port 53 and 443 traffic to the Umbrella resolvers (188.8.131.52/16, 2620:119:35::35 and 2620:119:53::53).
6. Enable the rules and observe that Umbrella goes into the "Reserved" state instead of "Unprotected". Browse to a malicious website (e.g. www.internetbadguys.com) to check if the protection is disabled.