macOS endpoints running Cisco IPSec VPN alongside Endpoint Detection and Response may lose their network connection if Network Events and Endpoint Isolation are enabled in your policy settings.
This is limited to endpoints on macOS 10.15 Catalina and 11.0 Big Sur, and is due to a network protocol conflict.
Resolution
To resolve the issue, update Mac endpoints running Cisco IPSec VPN to macOS 11.1 Big Sur.
If unable to update endpoints, turn off the following Endpoint Detection and Response settings within Nebula as a workaround:
- On the left navigation menu, go to Configure > Policies.
- Select the applicable policy.
- On the policy page, scroll down and find Endpoint Detection and Response.
- Under Suspicious activity monitoring, click Advanced settings.
- Clear the macOS check box for Collect networking events to include in searching to disable it.
- Scroll down and clear the macOS check box for Enable endpoint isolation to allow locking/unlocking of endpoints.
- Click the Save button at the top of the policy page.
If the issue persists, contact Support.