Servers with Static IP - Umbrella protection

We are using Umbrella SIG with a tunnel from the firewall, and we want to protect our servers with static IPs using Umbrella SIG without relying on roaming clients. However, we cannot change the DNS to Umbrella’s DNS because we have a local DNS setup. Is there another way to protect these servers with Umbrella?

5 Replies

howe
Level 1

Yes - you can forward your local resolvers to Umbrella for public DNS queries, or you can use a virtual appliance (VA). The VA can be configured to pass local DNS queries to your local DNS server, and public DNS queries to the Umbrella resolvers. The advantage of the VA is that the internal IP is exposed in the reports and can be used to apply specific policies to IP addresses or subnets as required with internal networks.

If I use VA, does that mean I can create a policy for specific static IPs of servers? That's option 1.

If I forward my local resolvers to Umbrella for public DNS queries, may I not see the internal IP for a particular server? And is the creation of its policy by network or tunnel?

You are correct, for a deployment with VA, the VA will forward the internal IP of the DNS query to the Umbrella cloud, so you can create an internal network on the Umbrella portal and use it as an identity to apply policies for traffic coming from the VA.

If you use the local DNS with the forwarders option, you will not see the internal IP of the DNS queries, so to apply a policy you will use the network identity.

If you are forwarding the DNS directly to the internet using your public IP, you can register that public IP as a Network identity in the Umbrella portal.

If you are sending the DNS traffic to Umbrella using a VPN tunnel, you can register the Peer IP address (public IP used by the tunnel on your side to Umbrella) of the tunnel as a network identity and use it to apply the DNS policies.

In our setup, traffic passes through the tunnel; we don't have a network identity registered because it encompasses the tunnel. We created a tunnel from the fw to Umbrella SIG.

What will be the source of it or the identity?