https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270427#M1017 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1146484">@skywalker_007</a>&nbsp;</P> <P>Yes, IP Layer Enforcement with the Umbrella Roaming Security client or AnyConnect Roaming Security Module.</P> <P><A href="https://docs.umbrella.com/deployment-umbrella/docs/6-adding-ip-layer-enforcementz" target="_self">https://docs.umbrella.com/deployment-umbrella/docs/6-adding-ip-layer-enforcementz</A></P> Mon, 11 Jan 2021 22:25:14 GMT Rob Ingram 2021-01-11T22:25:14Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270426#M1016 <P>Hi,</P><P>&nbsp;</P><P>As umbrella is dns security ,if someone access the malicious website by ip address and not the name , will umbrella detect/prevent&nbsp; it ?</P><P>&nbsp;</P><P>Also ,if someone uses a client like command line , filezilla to do ftp&nbsp; etc ,will umbrella prvenet it.</P><P>&nbsp;</P><P>The client machine has roaming client installed</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Jan 2021 22:20:35 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270426#M1016 skywalker_007 2021-01-11T22:20:35Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270427#M1017 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1146484">@skywalker_007</a>&nbsp;</P> <P>Yes, IP Layer Enforcement with the Umbrella Roaming Security client or AnyConnect Roaming Security Module.</P> <P><A href="https://docs.umbrella.com/deployment-umbrella/docs/6-adding-ip-layer-enforcementz" target="_self">https://docs.umbrella.com/deployment-umbrella/docs/6-adding-ip-layer-enforcementz</A></P> Mon, 11 Jan 2021 22:25:14 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270427#M1017 Rob Ingram 2021-01-11T22:25:14Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270435#M1018 <P>Ok thanks <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;.</P><P>&nbsp;</P><P>We have a customer with 5 different brnach office and a central location where ASAv is installed . any connect is used as client vpn.</P><P>&nbsp;</P><P>Customer has purchased umbrella advantage .</P><P>&nbsp;</P><P>With this can we still see the actual ip addrss of client machine sitting in the office .&nbsp;</P><P>&nbsp;</P><P>For example I have a user with IP address 10.1.1.1 sitting in head office , can we see this ip on umbrella or is it only the public IP addrrss of ASAv ?</P><P>&nbsp;</P><P>There is no VA</P> Mon, 11 Jan 2021 22:39:04 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270435#M1018 skywalker_007 2021-01-11T22:39:04Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270437#M1019 <P>If you have the anyconnect roaming client, then yes the private IP address (i.e. 10.1.1.1) will be reported in the umbrella dashboard.</P> Mon, 11 Jan 2021 22:43:43 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270437#M1019 Rob Ingram 2021-01-11T22:43:43Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270440#M1020 <P>Even if user is sitting in office and not connected to ASAv via anyconnect , the connection from.user machine having anyconnect (with roaming security module ) shows the actual ip address of the client and we can have different policies based on the internal ip address?</P><P>&nbsp;</P><P>&nbsp;</P><P>Here we are not talking about identities for which we need VA.</P><P>&nbsp;</P><P>The goal is to have different policies based on Internal Ip address scheme</P> Mon, 11 Jan 2021 22:47:21 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270440#M1020 skywalker_007 2021-01-11T22:47:21Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270442#M1021 <P><STRONG>Important:</STRONG> <EM><U>Policy cannot be set/enforced on the LAN IP returned by the roaming client. The inclusion of LAN IP is only for visibility and reporting purposes.</U></EM> By comparison, only with a VA and a ‘site’ and an ‘internal network’ identity can policy be enforced on LAN IP.</P> Mon, 11 Jan 2021 22:54:29 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270442#M1021 Rob Ingram 2021-01-11T22:54:29Z https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270444#M1022 <P>Ok understood. Thanks <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;</P><P>&nbsp;</P><P>So VA is necessary for internal ip policy enforcement.</P><P>Thanks you for quick response.</P> Mon, 11 Jan 2021 22:57:05 GMT https://community.cisco.com/t5/cloud-security/cisco-umbrella-detection/m-p/4270444#M1022 skywalker_007 2021-01-11T22:57:05Z