DescriptionHosts with Umbrella Roaming Client Have Network Access When Isolated
ScopeVersion: N/A
SolutionVersion: N/A
Issue: Isolated hosts running the Umbrella Roaming Client are still have regular network access and do not get redirected to the Captive Portal page.
Upon client activation on the host, Umbrella Roaming Client does the following:
1. Writes the existing IP address in the host's DNS Server entry to C:ProgramDataOpenDNSERCResolver1-*-resolv.conf on the host.
2. Sets the host's DNS Server entry to the local loopback (127.0.0.1).
Refer to the following URL for details:
https://support.umbrella.com/hc/en-us/articles/230901108-Umbrella-Roaming-Client-Captive-Portal-Interaction
Workaround: Disable Umbrella Roaming Client on the host.
Solution: Configure the Isolation network ACLs to only allow port 53 traffic (DNS) to Network Sentry's Ethernet 1 ip address (Registration / Isolation).