Skip to main content
Sign in
Nathan Davis

Summary

How to troubleshoot common internet connection and website loading issues. These issues are often caused by Cisco Umbrella, and there are a few ways to fix them outlined here.

If websites or images are not loading, you get DNS / connection errors, or receive security warnings on websites (including Zendesk-owned pages), you may have an issue with Cisco Umbrella.

Sections in this Article

 

Unable to Connect to the Internet or Load Websites

ResetUmbrella Utility

Screen_Shot_2021-04-07_at_10.38.15_am.png

If you are unable to load any websites, it's possible Cisco Umbrella (our DNS tool) is experiencing a problem. To reset Umbrella, we've preinstalled a utility on your computer to help you self-solve this issue.

  • Open Spotlight ( ⌘ + Space Bar ) and search for "resetUmbrella"
  • Click the ResetUmbrella icon and input your password if prompted.

Then restart your computer and try to connect to the internet again.

apple_macos-bigsur.jpeg

Under the Hood

The ResetUmbrella app performs the following tasks automatically:

  • Removes the static DNS on all network adapters
  • Disables IPv6 on all network adapters
  • Implements a flag file to ignore non responsive resolvers.
    • This is to address home routers having unresponsive Link Local DNS & stuck T-Mobile IPv6 on IPSEC interface used for WIFI calling
  • Resets network by changing / rolling back network location

 

Reset Your DNS Settings

If resetting Umbrella doesn't work, you may need to reset your DNS manually.

  • Open System Preferences and choose Network.
  • Select WiFi on the left-hand column and click Advanced in the lower-right corner.
  • Choose DNS at the top, then select the items in the DNS Servers column and click the " - " icon to remove them (it may show a grayed out DNS after you remove everything. That's ok.)

Reset_DNS.png

  • Click OK, then Restart your computer.

This should resolve your issue. If not, proceed to Uninstall Cisco Umbrella.

 

Site Blocked Due to a Security Threat


a.jpg

The website you are trying to reach is getting blocked because Umbrella believes there is malicious content on the website. If you believe this is untrue, jump to adding to the whitelist or blacklist section of this article.

 

Certificate Error or Missing Images on Website

How to fix an issue where you get a certificate error or missing images on some websites.

If Chrome or Safari work, but Firefox is broken refer to this article

 

Connection_Not_Private.png

Why This Happens

The reason why you are experiencing this might be related to Umbrella. Umbrella is a network security tool that allows, proxies or blocks website access, based on its credibility using the following rules:

  • Good - Allow
  • Cautious - Proxy
  • Bad - Block

When proxying the connection Umbrella uses its own certificate to present SSL based websites. For this to work you need to have Umbrella's Root certificate installed on your computer.

 

Resolution

Check to see if you have the Umbrella Root Certificate installed. To do this;

  • Open Keychain Access (Available in Applications > Utilities)
  • Select System Roots and Certificates and in the search field type "Umbrella"

    Umbrella_Root_Cert.jpeg

If the certificate is there, it means your issue is not related to this. If you do not have the certificate proceed to the next step to install it.

Install the Certificate

There are two ways to do this, one is by using CLI which is a lot quicker, or the alternative is via the GUI.

To begin download the certificate located here and save it in your Downloads folder.

  • Open Keychain Access.
  • Select File > Import Items and then locate and import the certificate

    import_keychain.png

  • After importing the certificate, open the certificate by selecting System Roots and Certificates and in the search field type "Umbrella"
  • Double-click the certificate to open its properties window.
    • Select Trusts, then change the When using this certificate pulldown to Always Trust.

      Umbrella_root_cert_Keychain.png

  • You will be prompted to enter your password to make these changes.

Install Using Command Line / Terminal

You can also install the Certificate via Terminal (this is for advanced users only.) This is not necessary if you already installed the certificate via the steps above.

  • Open Terminal
  • Paste the following:
    sudo /usr/bin/security add-trusted-cert -d -r trustRoot -p ssl -p basic -k /Library/Keychains/System.keychain ~/Downloads/Cisco_Umbrella_Root_CA.cer
  • You will be prompted to enter your password. (Do not be concerned if the curser doesn't move as you are typing it.) Press Return and wait for Terminal to return to the command prompt.

 

Website is Being Proxied

Umbrella will proxy a connection for the first 24 hours, of a website that it has seen for the first time.

It does this because newly registered domains (NRDs) are known to be favored by threat actors to launch malicious campaigns, because vendors like Umbrella have not given them a score.

Usually after 24 hours, the website is given a score and is no longer proxied. If you can't wait 24 hours then go to adding to whitelist or blacklist section of this article.

 

"dig" or "nslookup" Showing OpenDNS IP

This issue is usually experienced by engineers when troubleshooting an application they are working on. During troubleshooting, when doing a dig you get OpenDNS IP addresses instead of the real thing, it means that the website is either blocked or proxied.

dig +short newwebsite101.zendesk.com
146.112.38.100
146.112.38.188
146.112.38.5
146.112.38.201
146.112.38.171
146.112.38.134

dig +short newwebsite101.zendesk.com @8.8.8.8
104.16.51.111
104.16.52.111
104.16.53.111
104.16.54.111
104.16.55.111

 

Malicious Website Not Being Blocked

Umbrella's policy is to block Malware, Command and Control, and Cryptomining. If you believe we are not blocking a website that should be blocked, go to adding to whitelist or blacklist section of this article.

 

Adding to Whitelist or Blacklist

In this section we will explain how you can stop the blocking or proxying of a website or to enable the blocking of a website. This can be done in two ways, with the preferred method being recategorization.

Recategorization

Websites are usually given a category and threat level. To view the current category or threat level go to https://talosintelligence.com. If you feel the value is incorrect, click on "Submit a dispute here".

To submit a dispute you will need to login with your CCO account. If you do not have a CCO account, you can create a guest account which is free. UP to 50 entires can be made at one time.

The reason why this is the preferred method is that this change will impact everybody / every company using Cisco, Senderbase and other security tools/vendors.

NOTE: Recategorization usually takes 24/48 hours.

 

Whitelist / Blacklist

If you can not wait 24/48 hours, we can add it to Zendesk's "Global Allow List" or "Global Deny List"

To get this done, raise a ticket with Security or IT.

IT or Security will then login to the Cisco Umbrella Portal > Policy > Destination Lists > and add to "Global Allow List" or "Global Deny List".

This action takes immediate effect.

 

Zendesk Domains

We try our best to add all Zendesk owned domains to a section called "Domain Management." This tells Umbrella to perform no filtering on the domain. It's similar to whitelisting, but goes further by telling Umbrella to use your network's local resolver instead of Umbrella / OpenDNS.

To view whats included already execute the following command:

cat /Library/Application\ Support/OpenDNS\ Roaming\ Client/localdomains

Best effort is done to keep this list up to date, but if a domain is missing, send a ticket to IT requesting a domain to be added to Zendesk's Domain Management. 

NOTE: Only Zendesk owned domains go here, do not include domains external to this. 

 

Unable to Resolve FQDNs Matching Domains Listed in Domain Management

This can be experienced in a number of ways. For example the user is unable to connect to GlobalProtect, or the Self Service Portal or even https://support.zendesk.com. Troubleshooting will show FQDNs like jamf.zdcorp.com, sec.zdcorp.com or support.zendesk.com are not resolving.

This is the most difficult to troubleshoot and almost on all occasions is a result of the ISP. This can be proven by mobile hotspotting and the issue going away. As for the ISP the user needs to ensure the ISP is not blocking any traffic, be it related to parental control or adult content filtering.

 

Additional Troubleshooting

  1. Begin by referencing the Umbrella Issue register. If the user or ISP is already registered, see what the work around is. If not then continue to troubleshoot and update the register.
  2. Execute the Umbrella Diagnostic tool, and attach the results to the ticket:
/Applications/OpenDNS\ Roaming\ Client/Umbrella\ Diagnostic.app/Contents/MacOS/OpenDNSDiagnostic -d sec.zdcorp.com -s -o ~/Documents/Umbrella-diags.txt

        Cross compare the output to a working client, like the following.

An alternative is to run the commands manually, here is a more simplified version. But please include Option 2 in the ticket, regardless.

Attach the results to the ticket:

dig -t txt debug.opendns.com
dig -t txt debug.opendns.com @208.67.222.222
dig +vc -p 443 -t txt debug.opendns.com @208.67.222.222 
dig +vc -p 5353 -t txt debug.opendns.com @208.67.222.222
traceroute 208.67.222.222
traceroute api.opendns.com
traceroute bpb.opendns.com
ifconfig
dig sec.zdcorp.com
dig sec.zdcorp.com @208.67.222.222
dig sec.zdcorp.com @208.67.220.220
dig sec.zdcorp.com @4.2.2.1
traceroute sec.zdcorp.com

If you failed to find the fix, raise a ticket with Umbrella Support, and provide the Umbrella-diags.txt file.

Comments

0 comments

Please sign in to leave a comment.

We are here to help. Get in touch!

If your specific case has not been resolved yet, send us a message or follow up if you already sent a request.

Send Request;requests/new,Check your request status;requests
Powered by Zendesk