
source CIDR in Umbrella CDFW

krezov.igor
Level 1

We want to test Umbrella CDFW for a specific set of users and, as far as I know, CDFW does not support identity as a source in the policy rules. I was wondering if we can set in the CIDR field as a source a private RFC 1918 segment from our organization so we can test a policy for a specific segment without touching or making any changes on the edge routers?

I have checked the official documentation for Umbrella where it is stated that CIDR stands for Source CIDR IP Addresses—The tunnel's source addresses (IP or CIDR) to which the rules apply, which is kind of confusing.

I am not sure if this means a source address from the edge routers where the tunnel is built or if it is related to the encapsulated traffic that passes through the tunnel.

1 Reply

nbogdaje
Cisco Employee

The IPsec headers are stripped before the firewall rules are processed. This means it looks at the original IP headers, which should be the private IP of the client. I also just tested this in the lab and confirmed I can block traffic for a specific private subnet without affecting other subnets going over the tunnel by specifying the private subnet in the "Source" > "CIDR IP addresses" section.
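As an added illustration (not Cisco's code and not part of this thread), a small Python model of the behaviour the reply describes: the rule engine matches the source CIDR against the inner IP header after decapsulation, so a rule on a private pilot segment affects only that segment, and the outer tunnel endpoint address never matches it. The packet and rule structures and all addresses are constructed for the example.

```python
# Constructed model of "source CIDR" evaluation after IPsec decapsulation.
# Not Cisco code; rule/packet shapes and addresses are made up for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class TunnelPacket:
    outer_src: str   # IPsec tunnel endpoint (edge router public IP)
    inner_src: str   # original client IP carried inside the tunnel
    inner_dst: str

@dataclass(frozen=True)
class Rule:
    source_cidr: str
    action: str      # "block" or "allow"

def decapsulate(pkt: TunnelPacket) -> tuple:
    """Strip the outer/IPsec header; the firewall only sees the inner header."""
    return ip_address(pkt.inner_src), ip_address(pkt.inner_dst)

def evaluate(rules: list, pkt: TunnelPacket, default: str = "allow") -> str:
    """First-match evaluation of source-CIDR rules on the decapsulated packet."""
    inner_src, _ = decapsulate(pkt)
    for rule in rules:
        if inner_src in ip_network(rule.source_cidr, strict=False):
            return rule.action
    return default

# Constructed pilot rule: block one private RFC 1918 segment only.
RULES = [Rule("10.20.30.0/24", "block")]

# Constructed packets, all leaving through the same edge router.
PACKETS = [
    TunnelPacket("203.0.113.10", "10.20.30.15", "198.51.100.5"),   # pilot segment
    TunnelPacket("203.0.113.10", "10.20.40.15", "198.51.100.5"),   # other segment
    TunnelPacket("203.0.113.10", "10.20.30.200", "198.51.100.5"),  # pilot segment
]

def verdicts(rules=RULES, packets=PACKETS) -> list:
    """Verdict per packet; only the pilot segment is affected."""
    return [evaluate(rules, p) for p in packets]

def outer_header_hits(rules=RULES, packets=PACKETS) -> int:
    """How often the rule would match if keyed on the OUTER (tunnel) source.
    Zero here: a private-segment rule can only work on the inner header."""
    return sum(ip_address(p.outer_src) in ip_network(r.source_cidr, strict=False)
               for p in packets for r in rules)

if __name__ == "__main__":
    for p, v in zip(PACKETS, verdicts()):
        print(f"{p.inner_src:>13} via {p.outer_src}: {v}")
    print("outer-header matches:", outer_header_hits())
```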