Umbrella Roaming Security module install with Secure Web Gateway Proxy

Captions
Okay, in this demo I'm gonna show you how to add on the Umbrella roaming security module to your AnyConnect VPN module here. Earlier in the demo I recorded the VPN install, so it's ready to go here just from a VPN perspective. I'm gonna go ahead and go back to the ASA side, what we need to configure on the ASA side.

So first of all, there's the AnyConnect client software that you have to upload to your ASA, and this specific version, Windows 14.8 version 2 0 4 5, it's about 69 megs, OK. So it's got all the modules within the ASA AnyConnect client, but we're not gonna push everything down; we only want to push the modules that we want.

So what we've got to do is first of all configure an AnyConnect client profile for the Umbrella roaming security module, and before I even do that I would go to my Umbrella portal. OK, log in to your portal, go into deployment, well many security, roaming computers, roaming client, and download this module here. This is the OrgInfo.json file that contains your organization ID and a group and things, the credentials that the client will need to connect to your specific Umbrella portal. So, you know, download this; it's a very small file, just a text file. I downloaded this earlier already, OK. And if you need more documentation you can just get it right here; this is very good documentation.

All right, let me get back to the ASA side. Let's go ahead and build our profile. So I'm gonna go ahead, add, and this is gonna be a sure, and I'll call this Umbrella roaming security, just a name here, OK. And then now I'm gonna make this profile usage to be Umbrella roaming security module, as you can see here. And then my XML file, this is the OrgInfo file that I downloaded from the Umbrella portal, so I'm gonna upload it from my PC. Browse my local file, so I'd say my Umbrella local folder, that's the file, hit select and hit upload. Now this gets uploaded to the ASA. Hit OK. Associated with a disk 0, OK, and there it is. And then I'm also gonna assign this to group policy of Azure, and that's the tunnel group I will be connecting to. So hit OK and apply, and here are the CLI commands if you're interested on how to configure it.

OK, so now that XML profile has been created, let's go back into our connection profiles and go look at my Azure tunnel group or connection profile, and I'm doing SAML authentication against Azure Active Directory, OK. And then from a group policy, this is where I'm associating or enabling the module. So I go to my Azure group policy, inside edit, client only, and go into the advanced AnyConnect client, and I'm gonna uncheck inherit for the optional module here and just go ahead and select the Umbrella roaming security. There it is, and if I need more modules I just check it here. So only checked items here will be deployed down to the client, so not the whole thing gets pushed down to the end user here. OK, so I'm just pushing down the Umbrella module; it's only about 4 meg in size, so it's not very big. And down here is the client profile that I configured earlier, so we're good. Let's go ahead and hit OK and OK, hit apply, send, and save.

OK, my ASA has been configured and ready to deploy the Umbrella module. Let's go back to my client, here it is, and let's go ahead and connect. You know, it's gonna take me through the Microsoft portal because that is my authentication process that I configured, so it's going to be Bob at Irvine security on Microsoft and then my password. OK, and then now it's going to take that password. Now it's gonna take me through the Duo multi-factor authentication process that I configured as part of my Azure authentication process, so I'm gonna hit send me a push, and I got a pop-up on my phone that I'm going to hit accept or approve. OK, then I am signed in to AnyConnect. You can see here, welcome to the Azure AD group, I am good, accept, and now it's checking for a product update, and you can see the Umbrella roaming security module 4.8 is being pushed down. OK, now it's doing the installer here; let it finish.

OK, perfect. Now that module, that small module, got pushed, so I see what happened here. Let me go ahead and open up my directory, and let's go into C drive, and I go into ProgramData. If your ProgramData is not showing, you have to unhide this in Control Panel to show all the hidden folders. And you're going to see Cisco, and then going to a Secure Mobility Client, going to the Umbrella portal directory, and you see the OrgInfo file there; that's the file that got pushed down from the ASA.

Now let's take a look at the Umbrella site here. You can see here that the roaming security is still inactive, because this OrgInfo file has to make an API call to the Umbrella portal, your account, and enable a few things to make the final connection. OK, now what I need to do is I'm going to disconnect from the AnyConnect because I don't need it anymore, because really roaming security is supposed to protect me when I'm off VPN, off net.

OK, so now this is just data and OrgInfo here, and there'll be a few minutes for this that actually build out; you'll see additional directory here. But in the meantime we can take a look at services. Oh, there it is, SWG actually got created. You can see when I go to services, you can see that SW... make this a little bigger... the Cisco AnyConnect SWG agent is running, Umbrella music Aaron is running; these processes are running now, OK. Prior to the SWG folder being created, this would not be running. OK, so now it automatically started because the client reached out to the Umbrella portal and completed its connection, and SWG client got enabled.

Perfect. Now you can see here Umbrella is active, and if we click on this we can see that. Click on roaming security, and there is web security: web protection status is protected, HTTP and HTTPS requests are 0, is very little. So let's go ahead and launch a couple of websites to see. If I simply go to apple.com, that's most likely HTTPS, OK, and I'll see the number went up from 9 to 28 for HTTP requests. Now let's do a few other ones, HTTP. There we go, this is an HTTP versus HTTPS site, and I'm making an HTTP call for a few things. OK, so let's take a look at the client side. There we go, now my HTTP request went from 0 to 8, and of course if I go to HTTPS that number will increment. And then let me go back to HTTP, but you get the point here that the stats will increase as more traffic flows.

OK, all right, so this appears to be working on the client, so we're all good here. Now the real main control is on the Umbrella side, the portal side, right. We need to go into policies, and you'll have the web policies that need to be created, and by default there's a default web policy to either match all identities and either allow all, whatever policy you wanted to have configured. In my setup I have an SWG no fun policy, one policy that I created, and one of the factors here is the identity piece: how do I associate my client, which is my client here, is checked, a name here, it's Windows 10 VM dash tests. That's the name of my client, and that's what gets sent up to the portal. Here, if I go edit identity and I go into roaming computers, then here is my Windows 10 VM that I picked up, and I just associated it to this group, and that's it.

OK, and then the rest of the policies are content filtering, so I have a policy to block, you know, certain categories like gambling, I'm blocking Facebook, I'm blocking the specific destination URL list, that's a custom web page. And, oh, HTTP inspection. I also did this ahead of time: you have to download the root cert from the Umbrella portal to the client or they will get the untrusted website pop-up. So click on this and download and pre-deploy this to the client so they won't get that pop-up, so they will trust a certificate from the Umbrella portal. Future releases will allow you, our customers, to upload their own certificate, but as of today, for now, it's the Umbrella certificate only, but that'll change very soon.

OK, and if you want to look at some information about the client, we can go to reporting, activity search, and you can simply look for roaming computers as an example in terms of identity type, because there's a lot of data party flows, and hit apply, and let's look for information on Win 10 VM. So there it is, that's my Win 10 VM. And if I simply go to a couple of other websites as an example, if I go to WWE... oh, my little pony logo that I uploaded, OK. And if I want to report incorrect block, I can, the user can click on this and they can fill in their name, information, and send a message to the administrator. So if we go back to the Umbrella portal, let's do a refresh, and refresh, we can look at the blocked traffic, and you can see here, there it is, there's blocked traffic for Facebook; all the Facebook traffic gets blocked. And if you want to drill deeper, now you can look at full details of the URLs and the long strings and things that the client went to. OK, so this gives you an overview. Thank you for watching.
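
A post-install check for the client state the walkthrough describes (profile pushed, SWG folder created after registration, both agents running), added here as an example and not part of the video or of Cisco's tooling. It assumes the default `C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella` location, an `organizationId` key in the profile, and matches services by display-name pattern rather than exact name.

```powershell
# Added example (not from the video): verify the client state the demo walks through.
# Assumed: default install path, 'organizationId' key, service display-name patterns.
$umbrellaDir = Join-Path $env:ProgramData 'Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella'
$orgInfoPath = Join-Path $umbrellaDir 'OrgInfo.json'
$swgDir      = Join-Path $umbrellaDir 'SWG'

function Get-ServiceState([string]$DisplayNamePattern) {
    # Wildcard match on display name; returns 'NotFound' when nothing matches.
    $svc = Get-Service -DisplayName $DisplayNamePattern -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($svc) { [string]$svc.Status } else { 'NotFound' }
}

function Test-UmbrellaDeployment {
    $state = [ordered]@{
        OrgInfoPresent  = Test-Path -LiteralPath $orgInfoPath -PathType Leaf
        OrgInfoValid    = $false
        SwgFolderExists = Test-Path -LiteralPath $swgDir -PathType Container
        UmbrellaService = Get-ServiceState '*Umbrella*'
        SwgService      = Get-ServiceState '*SWG*'
    }
    if ($state.OrgInfoPresent) {
        try {
            # Parse only; the file holds portal credentials, so never echo its contents.
            $org = Get-Content -LiteralPath $orgInfoPath -Raw -ErrorAction Stop | ConvertFrom-Json
            $state.OrgInfoValid = -not [string]::IsNullOrWhiteSpace([string]$org.organizationId)
        } catch {
            $state.OrgInfoValid = $false   # unreadable or malformed profile
        }
    }
    # Profile pushed but no SWG folder or agent yet means the client has not
    # completed registration with the portal (the "inactive" stage in the demo).
    $state.Stage = if (-not $state.OrgInfoValid) { 'ProfileMissingOrInvalid' }
        elseif (-not $state.SwgFolderExists -or $state.SwgService -ne 'Running') { 'AwaitingRegistration' }
        elseif ($state.UmbrellaService -ne 'Running') { 'UmbrellaAgentStopped' }
        else { 'Protected' }
    [pscustomobject]$state
}

Test-UmbrellaDeployment | Format-List
```

A machine that stays in `AwaitingRegistration` well past the few minutes mentioned in the demo is worth checking for blocked outbound access to the Umbrella portal.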
Info
Channel: Ciscolive Security Fan
Views: 529
Keywords: Umbrella Roaming Security with Secure Web Gateway Proxy
Id: 55BwfmeRP-c
Length: 12min 51sec (771 seconds)
Published: Wed Mar 25 2020