--- myst: html_meta: "description lang=en": "Connect Kasm Workspaces sessions to Cisco Umbrella web filtering. " "keywords": "Kasm, How to, How-to, OpenDNS, Cisco, Umbrella" "property=og:locale": "en_US" --- ```{title} Cisco Umbrella / OpenDNS ``` # Cisco Umbrella / OpenDNS Administrators have several options for integrative Kasm with Cisco Umbrella / OpenDNS. - Users can be redirected to Kasm session when accessing restricted sites. - Kasm sessions can be configured to use custom DNS servers, thus using DNS filtering systems such as Cisco Umbrella / OpenDNS. In some situations this may be preferred to Kasm Workspace's built in {doc}`Web Filtering`. ## Redirect Blocked Requests to Kasm Administrators can configure Cisco Umbrella to redirect the user's request to Kasm when a policy is violated. For example, it certain categories of sites are denied by Cisco Umbrella policy, the Administator may wish to provide access to the site only through Kasm isolation. This is instrumented via the use of a **Custom Block Page** that is coded to either automatically redirect the user to Kasm or provide a link for the user to click. ```{figure} /images/cisco_umbrella/process.png :align: center **Redirect Process** ``` The following figure shows an example of a user's request being denied by Cisco Umbrella policy to auctions sites. The custom block page is shown, and the user has the option to open the link inside a Kasm session. The Kasm session is opened in a new window and automatically launches to the requested site. ```{figure} /images/cisco_umbrella/block_example.png :align: center **Block Page in Action** ``` ### Deploy a Custom Block Page A custom block page is used to redirect the user's original request to Kasm or provide them a link to do so. Administrator's must customize and place the block page in a website that is accessible to all users. 1. Download the example block page: [Custom Block Page Example](https://kasm-static-content.s3.amazonaws.com/cisco_umbrella_custom_block_page.html) (Right Click and Save) > ```{note} > The example block page is intentionally devoid of styling to more simply illustrate the workflow. > Administrators can customize the page with styling and branding as desired. > ``` 2. Edit the file and replace {code}`kasm.server` in the {code}`kasm_url` variable with a domain for your Kasm Deployment. > ```{code-block} none > :caption: Partial Block Page Contents > :emphasize-lines: 2 > > ... > var kasm_url = "https://kasm.server/#/go?kasm_url="; > var urlParams = new URLSearchParams(window.location.search); > > var kasm_message_elem = document.getElementById("kasm"); > var kasm_link_elem = document.getElementById("kasm_link"); > > var url_elem = document.getElementById('url'); > ... > ``` 3. Deploy the file to a web server that is accessible by the users. e.g {code}`https://my.server/block.html` ### Update Cisco Umbrella 01. Log into the [Cisco Umbrella Portal](https://login.umbrella.com/) ```{figure} /images/cisco_umbrella/portal_login.png :align: center **Portal Login** ``` 02. Select **Policies** -> **Policy Components** -> **Block Page Appearance** ```{figure} /images/cisco_umbrella/policy_menu.png :align: center **Policies Menu** ``` 03. Click **Add** 04. Update the **Block Page Appearance Name** (e.g **Kasm Block Page**) 05. Choose a **Blocked requests should be treated:** method. 06. Select **Redirect users to this URL** and enter the address of the deployed custom block page: e.g {code}`https://my.server/block.html` 07. Select **Save** ```{figure} /images/cisco_umbrella/block_page_appearance_config.png :align: center **Add New Block Page Appearance** ``` 08. Select **Policies** -> **Management** -> **All Policies** 09. Expand the desired policy (e.g **Default Policy**) and select **Edit** under **Custom Block Page Applied** ```{figure} /images/cisco_umbrella/default_policy.png :align: center **The Default Policy** ``` 10. Select **Use a Custom Appearance** and select the policy created in the previous steps (e.g **Kasm Block Page**) ```{figure} /images/cisco_umbrella/set_block_policy.png :align: center **Set Block Page** ``` 11. Select **Set & Return** then select **Save** ```{note} It may take several minutes for changes to the policy to take effect. ``` 12. When applicable users violate the policy they should see the configured block page with the option to open the link in Kasm. Cisco provides [Test URLs](https://support.umbrella.com/hc/en-us/articles/115000411528-What-are-the-Umbrella-Test-Destinations-) to help verify behavior. ## Kasm Sessions as Cisco Umbrella / OpenDNS Clients ### DNS Configuration Administrators can configure Kasm sessions to use custom DNS server such as those provide by Cisco Umbrella / OpenDNS. Use the following steps to locate the Cisco Umbrella DNS servers for the account, then see {doc}`Custom DNS Servers` for configuration details details. 1. Log into the [Cisco Umbrella Portal](https://login.umbrella.com/) 2. Select **Deployments** -> **Core Identities** -> **Networks** ```{figure} /images/cisco_umbrella/networks_menu.png :align: center **Networks Menu** ``` 3. Select **+** next to desired networks's IP address ```{figure} /images/cisco_umbrella/network_selection.png :align: center **Network Selection** ``` 4. The DNS Servers are displayed. Utilize the **IPv4** DNS Servers when configuring an image with {doc}`Custom DNS Servers` ```{figure} /images/cisco_umbrella/dns_servers.png :align: center **DNS Servers** ``` 6) Once configured, navigate to one of the [Test URLs](https://support.umbrella.com/hc/en-us/articles/115000411528-What-are-the-Umbrella-Test-Destinations-) from within the Kasm session to verify the configuration. ### Root Certificate Installation In order to for Cisco Umbrella / OpenDNS to utilize more advanced filtering , inspect SSL traffic and display block pages without the user getting a warning, the custom root certificate must be installed within the Kasm Image. Use the following steps to retrieve the CA cert provided by Cisco. Once retrieved, create a custom Image using the certificate by following the {doc}`Custom CA Certificates` instructions. **Helpful References** \* 1. Log into the [Cisco Umbrella Portal](https://login.umbrella.com/) 2. Select **Deployments** -> **Configuration** -> **Root Certificate** ```{figure} /images/cisco_umbrella/root_certificate_menu.png :align: center **Root Certificate Menu** ``` 3. Select *Download Certificate* ```{figure} /images/cisco_umbrella/root_certificate_download.png :align: center **DNS Servers** ``` 4. Create a custom Image using the certificate by following the {doc}`Custom CA Certificates` instructions.