Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2606
Views
0
Helpful
6
Replies

Cisco umbrella detection

Go to solution
skywalker_007
Spotlight
Spotlight

‎01-11-2021 02:20 PM

Hi,

 

As umbrella is dns security ,if someone access the malicious website by ip address and not the name , will umbrella detect/prevent  it ?

 

Also ,if someone uses a client like command line , filezilla to do ftp  etc ,will umbrella prvenet it.

 

The client machine has roaming client installed

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎01-11-2021 02:54 PM

Important: Policy cannot be set/enforced on the LAN IP returned by the roaming client. The inclusion of LAN IP is only for visibility and reporting purposes. By comparison, only with a VA and a ‘site’ and an ‘internal network’ identity can policy be enforced on LAN IP.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Rob Ingram
VIP
VIP

‎01-11-2021 02:25 PM

@skywalker_007 

Yes, IP Layer Enforcement with the Umbrella Roaming Security client or AnyConnect Roaming Security Module.

https://docs.umbrella.com/deployment-umbrella/docs/6-adding-ip-layer-enforcementz

0 Helpful

Go to solution
skywalker_007
Spotlight
Spotlight
In response to Rob Ingram

‎01-11-2021 02:39 PM

Ok thanks @Rob Ingram .

 

We have a customer with 5 different brnach office and a central location where ASAv is installed . any connect is used as client vpn.

 

Customer has purchased umbrella advantage .

 

With this can we still see the actual ip addrss of client machine sitting in the office . 

 

For example I have a user with IP address 10.1.1.1 sitting in head office , can we see this ip on umbrella or is it only the public IP addrrss of ASAv ?

 

There is no VA

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎01-11-2021 02:43 PM

If you have the anyconnect roaming client, then yes the private IP address (i.e. 10.1.1.1) will be reported in the umbrella dashboard.

0 Helpful

Go to solution
skywalker_007
Spotlight
Spotlight
In response to Rob Ingram

‎01-11-2021 02:47 PM

Even if user is sitting in office and not connected to ASAv via anyconnect , the connection from.user machine having anyconnect (with roaming security module ) shows the actual ip address of the client and we can have different policies based on the internal ip address?

 

 

Here we are not talking about identities for which we need VA.

 

The goal is to have different policies based on Internal Ip address scheme

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎01-11-2021 02:54 PM

Important: Policy cannot be set/enforced on the LAN IP returned by the roaming client. The inclusion of LAN IP is only for visibility and reporting purposes. By comparison, only with a VA and a ‘site’ and an ‘internal network’ identity can policy be enforced on LAN IP.

0 Helpful

Go to solution
skywalker_007
Spotlight
Spotlight
In response to Rob Ingram

‎01-11-2021 02:57 PM

Ok understood. Thanks @Rob Ingram 

 

So VA is necessary for internal ip policy enforcement.

Thanks you for quick response.

0 Helpful
Customers Also Viewed These Support Documents