Let me guess: in case of Wifi, you're using another DHCP server than for wired connections?   My guess is: your wired DHCP hands out the domain suffix (Option 15), whereas the Wifi one doesn't ... View more

Oh boy, I'm so much lookung forward to attending an i-person Cisco Live again...  😌 ... View more

Where is your XenApp server located? Somewhere on the Internet or some DMZ internally?   It'd be really helpful to understand your setup a little bit better. Would you be able to show us a picture? ... View more

I'd also believe that there won't be a noticable difference in performance. Never tried it though because from a security point of view, I'm seeing very little advantage. As @BrandonS already said, this normally leads to an increased count of troubleshooting tickets. ... View more

@rbnielsenWhy would you (as a company) announce some brand new piece of hardware that would be capable of leveraging a new standard and not tell anyone? Doesn't make sense to me... 😉 ... View more

Using Syslog, you'll see URL information but not DNS requests.   Using Umbrella would increase your security a lot, but would possibly be a quite expensive solution when it comes down to logging only. 😉 ... View more

Thanks so much guys for these fantastic achievements! Man, you gotta love this community!  😎 ... View more

I'd take bets this has something to do with MAC address randomization: https://appleinsider.com/articles/20/09/17/ios-14-mac-randomization-privacy-feature-may-cause-cisco-enterprise-network-issues ... View more

Yeah, it requires the so called "Authentication Proxy" that connects your user login (via RADIUS), your AD and Duo cloud.   But it's the same thing with NPS (whoever actually wants to use this piece of software). You'll get a Plugin that enables you to use Azure MFA. ... View more

Yes, though not natively. With Duo for example, this is being handled by their AuthProxy component acting as the RADIUS server: https://duo.com/docs/cisco ... View more

OK, I guess that something is blocking these. Are you getting error messages in the Security Center? ... View more

You'd always want to use your internal DNS servers for resolving internal destinations. With Umbrella, you have the chance to resolve every external DNS request directly and still be protected by Umbrella wherever you are.   This also solves other issues like "local" M365 access for endpoints that roam internationally: by letting them resolve everything not internally resolvable via Umbrella, the client will always receive the "nearest" Microsoft datacenter. ... View more

That's exactly my point (if I'm not completely getting you wrong): by tunneling your DNS requests via your HQ, you're missing this features functionality.   From my point of view:  1) You're in the HQ and are protected by your local DNS servers forwarding to Umbrella. Verything is working as you'd expect 2) You're off-site and relying on your VPN connection. By letting your endpoint querying Umbrella directly (without pushing DNS over the tunnel), you're evenly protected, at least if your policies are set up accordingly. ... View more

Hey Matt,   before delving deeper into TND, let me start by describing my preferred setup: In most cases, I tend to solve this one by using " Traffic Forwarding on Umbrella Protected Networks".     This way, the Umbrella module will realize that it's within a protected network and will not activate itself. Everytime the client is roaming, it will be protected even if your VPN connection to the headquarter is off. Much simpler (in my point of view) and because you don't have to fiddle around with all the bells and whistles regarding TND. Apart from that, it raises your security because it doesn't matter if your VPN is running or not.   If this is not what you want, we can continue to assist you with your troubleshooting. 🙂 ... View more

Have you configured IPS on your MX? Could you please show us Security & SD-WAN > Configure > Threat protection > Intrusion detection and prevention ... View more

Another possibility: Is your DB connection up and running and being torn down after a while? Even more so after having been idle? If so, this would be typical firewall behaviour: long running idle TCP sessions are typically held for an hour. At least, thanks is something I‘ve seen a lot regarding databases connections.   Fix for that: implement TCP keepalives on your DB server. ... View more