Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4286
Views
0
Helpful
3
Replies

Internal networks traffic via Umbrella

Go to solution
sv7
Level 3
Level 3

‎06-23-2021 07:49 AM

Hello All,

 

Need some help regarding below points

 

1) Whats the purpose of Internal Network section in Umbrella Dashboard

 

2) Deployed 2 VA for umbrella and integrated umbrella dashboard with Domain Controller. Need my office machine in workgroup (not in domain) should applied umbrella policies. For that what should i need to do apart from adding my ISP public ip in Network Section of Umbrella

 

3) I had run windows script  and connector on member of domain controller not on actual domain controller and found my all users/groups reflecting on umbrella dashboard. will it work for users policies. if not then why cause customer asking the same.

 

PLease help

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎06-23-2021 10:26 AM

@sv7 

1. Internal Networks is used if you have a VA installed in your local network. The VAs learn the real/internal IP address of the client. This IP address can be used in Umbrella policies.

2. If you apply a policy based on the public IP address, all traffic from that network would potentially match that policy, not just your PC. Seeing as you have VAs deployed, the VA will learn you local IP address, so you can configure an Umbrella Policy based on your local internal IP address.

3. Yes, it will work for user policies...so long as the VAs are used to learn the internal IP address of the user.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎06-23-2021 10:26 AM

@sv7 

1. Internal Networks is used if you have a VA installed in your local network. The VAs learn the real/internal IP address of the client. This IP address can be used in Umbrella policies.

2. If you apply a policy based on the public IP address, all traffic from that network would potentially match that policy, not just your PC. Seeing as you have VAs deployed, the VA will learn you local IP address, so you can configure an Umbrella Policy based on your local internal IP address.

3. Yes, it will work for user policies...so long as the VAs are used to learn the internal IP address of the user.

0 Helpful

Go to solution
sv7
Level 3
Level 3
In response to Rob Ingram

‎06-23-2021 12:03 PM - edited ‎06-23-2021 12:03 PM

Thank you Rob for clarifying my doubt.

 

Regarding point 3

 

Should I have to add my Ad fetch users/groups in policies identity alongwith internal ip address or anyone would work.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to sv7

‎06-23-2021 12:36 PM

Its cumulative, so if your specify AD Group + Network, then that Umbrella rule would apply to members of that AD group on that specific network. If the user is a member of the AD group but their IP address is not in the network, they won't match that specific rule.

0 Helpful
Customers Also Viewed These Support Documents