Limitations for Cisco Security for Chromebooks

Following are the limitations of DNS-over-HTTPS for the Cisco Security for Chromebook client.

Internal domainsChromeOS does not allow configuration of customers' internal domains, which affects configurations involving split domains or split brain DNS configurations. However, if DNS-over-HTTPS (DoH) cannot resolve internal domains, ChromeOS does a local resolution as a backup. To address this situation, use the "DNS-over-HTTPS with insecure fallback" configuration in Google Workspace. For detailed steps, see Enabling DNS-over-HTTPS with Insecure Fallback guide.
Virtual ApplianceVirtual Appliance detection and backoff is not supported by the DNS-over-HTTPS based solution because of ChromeOS limitations. However, you should not face issues with DNS resolutions in Chromebooks because of the limitation.
APP authenticationWhile using SWG for Cisco Security for Chromebook client, you might encounter issues uploading and downloading files in Android apps, including Gmail and Google Drive. The problem is that the SWG proxy lacks the required authentication headers for specific app requests, which causes errors in authorizing file transfers:

Prerequisites for Cisco Security for Chromebook Client > Limitations for Cisco Security for Chromebooks > Integrate the Google Workspace Identity Service