cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5946
Views
10
Helpful
5
Replies

DNS Umbrella Licensing

techno.it
Level 1
Level 1

Hello All,

How do Cisco Umbrella Licensing works?

 

Let suppose, I have a 500 user license with 2 VA deployed in HA pair, does every DNS queries consume the license? Is it taking only external queries into counts or an internal domain as well?

Can we exclude well-known sites to go unfiltered with Umbrella ( no license count) ?

 

Any insights would be highly appreciated.

 

1 Accepted Solution

Accepted Solutions

Milos_Jovanovic
VIP Alumni
VIP Alumni

Hi @techno.it,

Umbrella is licensed per-user. You are supposed to purchase license for as many users as you have. Once you determine your quantity, you need to figure out what feature set is sufficient for you, as Umbrella has couple of packages. You can learn more about packages here.

It doesn't count number of queries you send to it. Also, you'll create split-DNS for sure - you'll send your internal queries to your nternal DNS servers (otherwise it won't work), and remaining to Umbrella cloud.

You can create whitelist, in order to instruct Umbrella not to do validation of certain domains, but query should still be forwarded to cloud, unless it it your internal domain.

BR,

Milos

View solution in original post

5 Replies 5

Milos_Jovanovic
VIP Alumni
VIP Alumni

Hi @techno.it,

Umbrella is licensed per-user. You are supposed to purchase license for as many users as you have. Once you determine your quantity, you need to figure out what feature set is sufficient for you, as Umbrella has couple of packages. You can learn more about packages here.

It doesn't count number of queries you send to it. Also, you'll create split-DNS for sure - you'll send your internal queries to your nternal DNS servers (otherwise it won't work), and remaining to Umbrella cloud.

You can create whitelist, in order to instruct Umbrella not to do validation of certain domains, but query should still be forwarded to cloud, unless it it your internal domain.

BR,

Milos

techno.it
Level 1
Level 1

@Milos_Jovanovic 

 

Thanks for the response and clarification.

Some users sending only internal queries and not external while DNS client configured Umbrella VA, does the license will be still used?

In certain scenario, licensing of Umbrella is fair-usage license - you report the number of users you have, and Umbrella doesn't have means to check it really. In certain use cases, Umbrella can count number in real time.

I'm not sure how much can you really rely on that. VA could report your all internal IPs to cloud. Simply, your installed software will always attempt to do something in the background (e.g. Windows update, Windows probing for Internet connectivity, your other app updates like Chrome or Firefox). This way they will always generate some DNS queries.

If you want to do this, you could, for this type of users, assign your internal DNS servers directly and not the VA address. This way, anything comes to VA will and should be reported to Umbrella, which you'll license for, while your clients who don't need to use Internet services would be using your internal DNS servers directly (without VA).

BR,

Milos

techno.it
Level 1
Level 1

@Milos_Jovanovic Thank you so much for clarifying the queries with detailed explanation. I appreciate. 

alintadimitri
Level 1
Level 1

Configuring your DNS directs traffic from your network to the Cisco Umbrella global network. When a request to resolve a hostname on the internet is made from a network pointed at our DNS addresses, Umbrella applies the security settings in line with your policy.