Umbrella Module for AnyConnect (for Android OS)
The Umbrella Module for AnyConnect for Android OS is a roaming client for managed Android devices that provides DNS-layer protection, and this protection extends to both apps and browsing covered by the Android work profile.
A mobile device management system (MDM) is required to deploy this client to Android devices and to push the Umbrella configuration to the Android devices. For a list of supported MDMs and other prerequisites, see Prerequisites for Deploying the Umbrella Module for AnyConnect on Android OS.
-
Per-app VPN does not work with the Umbrella Module because of an OS restrictions. If remote access VPN is active, Umbrella protection will only apply to DNS traffic that is intercepted by the VPN tunneled. If remote access is configured for per-app VPN, Umbrella protection only applies to DNS traffic for the tunneled applications.
-
You should not use always-on VPN with the lockdown (Fail Close) option. It stops the internet access when the VPN server is not reachable. Refer to your MDM guide to turn off the lockdown setting when always-on VPN is set to On.
For an explanation of the complete Umbrella feature set, refer to the Umbrella Module for AnyConnect (Android OS) documentation.
Prerequisites for Deploying the Umbrella Module for AnyConnect on Android OS
Note |
AnyConnect monitors traffic generated from apps and browsers within the work profile created in an MDM and blocks or allows browsing accordingly. Any traffic generated outside the work profile by apps and/or browsers is not monitored. |
-
Mobile device management system (MDMs) for deploying the software and pushing the Umbrella configuration to the mobile devices. Current tested versions are Mobile Iron, Meraki, VMWare workspace 1 (Airwatch), or Microsoft Intune.
-
Android (Samsung/Google Pixel) mobile devices with Android OS version 6.0.1 and above.
-
Umbrella license to configure DNS policies, manage registered Android devices, and for reporting.
-
Umbrella organization ID for enabling the feature.
-
For Trusted Network Detection (TND):
-
If the Umbrella module detects a virtual appliance (VA) with HTTPS enabled, it deactivates itself; however, if the VA does not support HTTPS, the Umbrella module continues.
-
All VA FQDN in umbrella_va_fqdns must be enabled.
-