04-02-2024 08:33 AM - edited 04-02-2024 08:34 AM
Say a user sends a DNS request for youtube.com. Their DNS is locally configured to send all requests to the VA. Will the VA then forward the request with its own private IP or would it forward it with the original device's IP?
Solved! Go to Solution.
04-02-2024 09:16 AM - edited 04-02-2024 09:40 AM
@guacamoley yes, if you are using the VA the traffic will show up as the internal network, which would be the client's real IP address (not the FW/router NAT IP address). You need to associate the Internal Networks with an Umbrella Site, Network or tunnel.
If you are not using the VA the NAT ip address would show up in the Cloud.
04-02-2024 08:37 AM
@guacamoley the VA will preserve the original client device IP address when the packet is routed to the cloud. This way Umbrella can create policies based on the internal networks.
04-02-2024 08:56 AM
Got it - A follow up, in that case will the traffic will show up as "Internal Networks" as opposed to the public SNAT of your internet edge?
04-02-2024 08:59 AM - edited 04-02-2024 09:00 AM
Friend there are two IP' the IP of client request DNS and IP used by FW or router to connect to Umbrella'
The IP used by FW or router is public IP and client IP is private almost.
I.e. the FW or router encapsulate the dns request inside udp packet.
MHM
04-02-2024 09:16 AM - edited 04-02-2024 09:40 AM
@guacamoley yes, if you are using the VA the traffic will show up as the internal network, which would be the client's real IP address (not the FW/router NAT IP address). You need to associate the Internal Networks with an Umbrella Site, Network or tunnel.
If you are not using the VA the NAT ip address would show up in the Cloud.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide