Setting Up the Cisco Security Connector App with Jamf School

The Cisco Security Connector (CSC) for iOS is full Umbrella DNS protection for supervised iOS devices. For information, see the Cisco Security Connector - Umbrella Setup Guide.

Important: CSC works best in a 1:1 configuration and is known to cause issues on Shared iPads.

Setting up the Cisco Security Connector with Jamf School involves the following steps.

  1. Download and deploy the Cisco Security Connector App.

  2. Configure a profile for the Root Certificate.

  3. Configure a profile for the DNS proxy.

  4. Scope everything to your devices.

The steps covered in this document require you to have a basic understanding of pushing apps and profiles to devices in Jamf School.

Download and Deploy the Cisco Security Connector App

It is recommended to use Apple's volume purchasing to deploy the CSC App to your devices.

images/docs.jamf.com/jamf-school/images/Screen_Shot_2018-05-17_at_08.51.09.png

Configure a Profile for the Root Certificate

  1. Download the Umbrella Root CA .cer file for use on the iOS device. This certificate allows for error-less HTTPS block pages. To obtain the Root CA:

    1. Navigate to Policies > Root Certificate.

    2. Click Download Certificate.

    3. Save as a .cer file.

  2. Create a new profile in Jamf School.

  3. Upload the Root Certificate in the Certificates payload.

images/docs.jamf.com/jamf-school/images/Screen_Shot_2018-05-17_at_08.27.14.png

Configure a Profile for the DNS Proxy

  1. Download the generic profile from the Umbrella dashboard.

  2. Edit the profile extensively as follows in this example profile. Remove any red, bold text and add any blue, italic underlined text. Do not copy this example, it is not functional as-is. Only use the generic download configuration from your dashboard.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>PayloadContent</key>
    <array>
    <dict>
    <key>AppBundleIdentifier</key>
    <string>com.cisco.ciscosecurity.app</string>
    <key>PayloadDescription</key>
    <string>Cisco Umbrella</string>
    <key>PayloadDisplayName</key>
    <string>Cisco Umbrella</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.dnsProxy.managed.{pre-filled in the download}</string>
    <key>PayloadType</key>
    <string>com.apple.dnsProxy.managed</string>
    <key>PayloadUUID</key>
    <string>{pre-filled in the download}</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>ProviderBundleIdentifier</key>
    <string>com.cisco.ciscosecurity.app.CiscoUmbrella</string>
    <key>ProviderConfiguration</key>
    <dict>
    <key>disabled</key>
    <false/>
    <!-- Copy from here to paste into the Jamf School UI to provision a DNS proxy -->
    <dict>
    <key>disabled</key>
    <false/>
    <key>internalDomains</key>
    <array>
    <string>10.in-addr.arpa</string>
    <string>16.172.in-addr.arpa</string>
    <string>17.172.in-addr.arpa</string>
    <string>18.172.in-addr.arpa</string>
    <string>19.172.in-addr.arpa</string>
    <string>20.172.in-addr.arpa</string>
    <string>21.172.in-addr.arpa</string>
    <string>22.172.in-addr.arpa</string>
    <string>23.172.in-addr.arpa</string>
    <string>24.172.in-addr.arpa</string>
    <string>25.172.in-addr.arpa</string>
    <string>26.172.in-addr.arpa</string>
    <string>27.172.in-addr.arpa</string>
    <string>28.172.in-addr.arpa</string>
    <string>29.172.in-addr.arpa</string>
    <string>30.172.in-addr.arpa</string>
    <string>31.172.in-addr.arpa</string>
    <string>168.192.in-addr.arpa</string>
    <string>local</string>
    </array>
    <key>logLevel</key>
    <string>verbose</string>
    <key>orgAdminAddress</key>
    <string>{pre-filled in the download}</string>
    <key>organizationId</key>
    <string>{pre-filled in the download}</string>
    <key>regToken</key>
    <string>{pre-filled in the download}</string>
    <key>serialNumber</key>
    <string> %SerialNumber% </string>
    </dict>
    <!-- End copy -->
    <key>PayloadDisplayName</key>
    <string>Cisco Security</string>
    <key>PayloadIdentifier</key>
    <string>com.cisco.ciscosecurity.app.CiscoUmbrella.{pre-filled in the download}</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>{pre-filled in the download}</string>
    <key>PayloadVersion</key>
    <integer>{pre-filled in the download}</integer>
    </dict>
    </plist>

  3. Create a new profile in Jamf School.

  4. Configure a DNS Proxy payload with the following settings:

    images/docs.jamf.com/jamf-school/images/Screen_Shot_2018-05-17_at_09.46.10.png

  5. Add the XML you created in step 2 to the Provider Configuration.

Scope Everything to Your Devices

You are now ready to scope the profiles and app to your iOS devices. Once this is complete, you should have a working CSC setup.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.