Cisco Umbrella - Virtual Appliance blocking internal queries

Jaywoo
Level 1

I have a certificate-based device that is attempting to query an internal web server.  The device is on DHCP and using the Umbrella VAs for DNS.  When we point the device statically to the internal DNS servers, the request successfully goes through.  What would cause the VAs to block an internal request?  Is there any way to troubleshoot this from within one of the VAs?  Their CLI seems pretty limited.

4 Replies

Hi,

Is it only this 1 device that is unable to query that webserver when using the VA as the DNS server?

Is the domain of the webserver defined as a "domain" within the Umbrella Cloud dashboard? Therefore all queries for that internal domain would be forwarded to your internal DNS server rather than be resolved by the Umbrella cloud DNS servers.

 

HTH

Correct, only that 1 device. The domain is defined as well. I tried to perform some nslookups from the VAs but was only able to query our local DNS servers. As forwarders, shouldn't the VAs have the ability to look up other hostnames?

You can use the "dig" command on the VA CLI.

Also run nslookup on the endpoint device and see what the output is.

You could also run a packet capture from the client end (between the client and the VA) and see what the output is.

HTH
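An added example, not part of the thread or of Cisco's tooling: one way to compare the `dig` output for the same name from a VA and from the internal DNS server, to see whether the two resolvers actually answer differently. The hostname, resolver addresses and both captured outputs are constructed placeholders.

```python
import re

# Constructed sample output of `dig @<resolver> <name> A` (placeholder name and
# addresses, not from the thread): first from a VA, then from internal DNS.
VA_OUTPUT = """\
; <<>> DiG 9.16.1 <<>> @192.0.2.10 intranet.corp.example A
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4211
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;intranet.corp.example.		IN	A
"""

INTERNAL_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 917
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;intranet.corp.example.		IN	A

;; ANSWER SECTION:
intranet.corp.example.	3600	IN	A	10.20.30.40

;; SERVER: 192.0.2.53#53(192.0.2.53)
"""

def parse_dig(text):
    """Return (status, sorted answer records) from dig's default output."""
    m = re.search(r"status: (\w+)", text)
    status = m.group(1) if m else "NO_RESPONSE"   # no header: query timed out
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and not line.strip():
            in_answer = False                     # blank line ends the section
        elif in_answer:
            _name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((rtype, rdata))
    return status, sorted(answers)

def compare(va_text, internal_text):
    """Describe how the VA's response differs from the internal server's."""
    va, internal = parse_dig(va_text), parse_dig(internal_text)
    if va == internal:
        return "match: both resolvers return the same status and records"
    if va[0] != internal[0]:
        return f"status differs: VA={va[0]} internal={internal[0]}"
    return f"answers differ: VA={va[1]} internal={internal[1]}"
```

A matching result points away from DNS resolution itself; a differing status or record set shows which resolver path to examine next.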

My organization is considering Cisco's Umbrella. We are a smaller organization at about 1000 employees spread across about 40 branches. We currently back-haul our branch traffic, but are in the process of migrating to a split-tunnel approach.
