Cisco Security Connector Umbrella Setup
Cisco Security Connector
Overview
The Cisco Security Connector provides visibility and control for organization-owned and MDM managed mobile Apple iOS devices, such as iPhones and iPads. The CSC's Umbrella component directs DNS traffic, including functionality for the intelligent proxy, to the Cisco Umbrella cloud where filtering against malicious sites, such as phishing sites or sites that exfiltrate information, takes place. The CSC’s Umbrella portion does not require an on-demand or always-on VPN or a full proxy to gain complete visibility and control through cloud security (not locally on the device). This makes for both easier management and simpler, more effective security.
Documentation
Please refer first to the following documentation: Cisco Security Connector—Umbrella Setup Guide. As Matrix42 Silverback is not mentioned explicitly mentioned in the Article, proceed wit the guidelines for Generic - Other MDMs within this article Register an iOS Device Through a Generic MDM System
Import and modify XML File
This guide has been created based on an Silverback Version 21.0 Update 2. For all version below Silverback 21.0 Update 2 you will need to edit and adjust the XML file keys first with e.g. Notepad++ and save the file afterwards as a filetype *.mobileconfig. This file can be uploaded to Silverback afterwards.
- After downloading the generic mobileconfig file, you can easily open the XML file with e.g. Notepad++
- Copy the complete content of this generic mobileconfig to your clipboard.
- Login to your Silverback Management Console
- Navigate to Tags and create a new Tag
- Click New Tag
- Enter as Name e.g. Cisco Umbrella
- Enter a description (optional)
- Enable Profile in the Enabled Features section
- Enable iPhone and/or iPad as Device Types
- Press Save
- Navigate to Profile
- Click Custom Profiles
- Click New Custom Profile
- Enter a name, e.g. Cisco Umbrella Mobileconfig
- Enter a description
- Enable the Use XML checkbox
- Paste the XML content in the appeared XML Text section
- Locate the Keys Serial Number and/or Label
- Replace the String with System Variables
For Serial Number use the following Variable {SerialNumber} and for Label e.g. {DeviceName}
<key>serialNumber</key>
<string>{SerialNumber}</string>
<key>label</key>
<string>{DeviceName}</string>
- Press Save
- Confirm with OK
If you enabled two Device Types in this Tag, navigate now to the iPad tab and repeat the steps to create the Custom Profile for iPad as well
Distribute new Tag
- Navigate to the Devices Section
- Locate one of your test devices
- Click the Tag icon under Actions
- Enable your previously created Tag and press save
- Open the Device Information and press Refresh to initiate a sync with Silverback
Enable Auto Population for the newly created Tag after a successful test.
Review Device
- On your device open Settings application
- Navigate to your Silverback MDM Profile
- e.g. General > VPN & Device Management > Silverback MDM Profile on iOS and iPadOS15 devices
- Under contains you should see now an entry DNS Proxy
- Click More Details and review the DNS Proxy profile
Not all information from the XML files are present here, but at least the App and Provider Bundle should be listed
Next Steps
- Check your registered mobile devices on the Umbrella dashboard
- Review Apple Deployment Programs Integration: Apple Deployment Programs
- Review how to distribute Applications: Administrator Guide Part V: App Portal
- Review how to supervise a device: iOS Guide VI: Device Supervising