cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1323
Views
5
Helpful
1
Replies

cisco Umbrella with ipsec.

syjeon
Beginner
Beginner

I'm wondering when I read about Umbrella, and considering adopting in our enterprise network. Cisco said it is just required to change DNS ip to cisco Umbrella, I saw some document it can connect through IPSEC tunnel from local on-prem device to Cisco Umbrella. what is the benefit by using IPSEC with umbrella? what is pros and cons when IPSEC is in use or not? is it compulsory? if it is to do so, we should check our asserts for ipsec connectivity with umbrella.? when ipsec is peered with Cisco umbrella, saw the public IP address had changed, are there is no performance issue in this scenerio?

 

Thanks.

1 Accepted Solution

Accepted Solutions

Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor

Hi

 

You have the IP enforcement layer that will build an automatic VPN for traffic for certain traffic dedicated to specific IPs (https://docs.umbrella.com/deployment-umbrella/docs/frequently-asked-questions-2). Rest of the traffic remains local but you don't have a full visibility.

The other solution is a full proxy on which you'll gain maximum visibility on the internet traffic that uses a VPN towards SWG. (https://content.cdntwrk.com/files/aT0xMTk4MjMwJnY9MiZpc3N1ZU5hbWU9Y2lzY28tdW1icmVsbGEtc2VjdXJlLXdlYi1nYXRld2F5LXN3Zy1mZWF0dXJlLWJyaWVmJmNtZD1kJnNpZz1lNmM3ODEwMjdkMGM3ZjgxMDJiMWVlM2FlYmJjZjU4Mg%253D%253D)

It will connect you the closest DC and didn't have any complaints about performance issues on my deployed customers. 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

1 Reply 1

Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor

Hi

 

You have the IP enforcement layer that will build an automatic VPN for traffic for certain traffic dedicated to specific IPs (https://docs.umbrella.com/deployment-umbrella/docs/frequently-asked-questions-2). Rest of the traffic remains local but you don't have a full visibility.

The other solution is a full proxy on which you'll gain maximum visibility on the internet traffic that uses a VPN towards SWG. (https://content.cdntwrk.com/files/aT0xMTk4MjMwJnY9MiZpc3N1ZU5hbWU9Y2lzY28tdW1icmVsbGEtc2VjdXJlLXdlYi1nYXRld2F5LXN3Zy1mZWF0dXJlLWJyaWVmJmNtZD1kJnNpZz1lNmM3ODEwMjdkMGM3ZjgxMDJiMWVlM2FlYmJjZjU4Mg%253D%253D)

It will connect you the closest DC and didn't have any complaints about performance issues on my deployed customers. 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: