How to set up the Cisco Security Connector App with ZuluDesk

This document requires you to have a basic understanding of pushing apps and profiles to devices in ZuluDesk.

CSC works best on a 1:1 configuration and is known to cause issues on Shared-iPads.

The Cisco Security Connector (CSC) for iOS is full Umbrella DNS protection for your iOS devices. Please also read Cisco's CSC deployment guide. Your device must be in the supervised mode to utilize the CSC. 

Steps to take: 

  1. Download and deploy the CSC App
  2. Configure a profile for the Root Certificate
  3. Configure a profile for the DNS proxy
  4. Scope everything to your devices

Step 1: Download the CSC App

VPP is recommended to push the CSC App to your devices:

Screen_Shot_2018-05-17_at_08.51.09.png

Step 2: Configure a profile for the Root Certificate

  1. Download the Umbrella Root CA .cer file for use on the iOS device. This certificate allows for errorless HTTPS block pages. To obtain the Root CA,
    1. Navigate to Policies > Root Certificate
    2. Click "Download Certificate"
    3. Save as a .cer file
  2. Create a new Profile in ZMS
  3. Upload the Root Certificate in the Screen_Shot_2018-05-17_at_09.33.53.png Payload.

Screen_Shot_2018-05-17_at_08.27.14.png

Step 3: Configure a profile for the DNS proxy

  1. Download the generic profile from the Umbrella dashboard
  2. Edit the profile extensively as follows in this example profile. Remove any red, bold text and add any blue, italic underlined text. Do not copy this example, it is not functional as-is. Only use the generic download configuration from your dashboard.  
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>PayloadContent</key>
    <array>
    <dict>
    <key>AppBundleIdentifier</key>
    <string>com.cisco.ciscosecurity.app</string>
    <key>PayloadDescription</key>
    <string>Cisco Umbrella</string>
    <key>PayloadDisplayName</key>
    <string>Cisco Umbrella</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.dnsProxy.managed.{pre-filled in the download}</string>
    <key>PayloadType</key>
    <string>com.apple.dnsProxy.managed</string>
    <key>PayloadUUID</key>
    <string>{pre-filled in the download}</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>ProviderBundleIdentifier</key>
    <string>com.cisco.ciscosecurity.app.CiscoUmbrella</string>
    <key>ProviderConfiguration</key>
    <dict>
    <key>disabled</key>
    <false/>
      <!-- Copy from here to paste into the ZuluDesk UI to provision a DNS proxy -->
    <dict>
    <key>disabled</key>
    <false/>
    <key>internalDomains</key>
    <array>
    <string>10.in-addr.arpa</string>
    <string>16.172.in-addr.arpa</string>
    <string>17.172.in-addr.arpa</string>
    <string>18.172.in-addr.arpa</string>
    <string>19.172.in-addr.arpa</string>
    <string>20.172.in-addr.arpa</string>
    <string>21.172.in-addr.arpa</string>
    <string>22.172.in-addr.arpa</string>
    <string>23.172.in-addr.arpa</string>
    <string>24.172.in-addr.arpa</string>
    <string>25.172.in-addr.arpa</string>
    <string>26.172.in-addr.arpa</string>
    <string>27.172.in-addr.arpa</string>
    <string>28.172.in-addr.arpa</string>
    <string>29.172.in-addr.arpa</string>
    <string>30.172.in-addr.arpa</string>
    <string>31.172.in-addr.arpa</string>
    <string>168.192.in-addr.arpa</string>
    <string>local</string>
    </array>
    <key>logLevel</key>
    <string>verbose</string>
    <key>orgAdminAddress</key>
    <string>{pre-filled in the download}</string>
    <key>organizationId</key>
    <string>{pre-filled in the download}</string>
    <key>regToken</key>
    <string>{pre-filled in the download}</string>
    <key>serialNumber</key>
    <string>%SerialNumber%</string>
    </dict>
    <!-- End copy -->
    <key>PayloadDisplayName</key>
    <string>Cisco Security</string>
    <key>PayloadIdentifier</key>
    <string>com.cisco.ciscosecurity.app.CiscoUmbrella.{pre-filled in the download}</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>{pre-filled in the download}</string>
    <key>PayloadVersion</key>
    <integer>{pre-filled in the download}</integer>
    </dict>
    </plist>
  3. Create a new Profile in ZMS
  4. Configure a Screen_Shot_2018-05-17_at_09.45.57.pngpayload with the following settings:

Screen_Shot_2018-05-17_at_09.46.10.png

Add the XML you've created in step 2 to the Provider Configuration

Step 4: Scope everything to your devices

You're now ready to scope the profiles and App to your iOS devices. Once this is done you should have a working CSC setup.

 

For additional information check out CSC and Additional MDMs support page by Cisco.

Have more questions? Submit a request

0 Comments

Article is closed for comments.