08-09-2018 08:58 AM - edited 02-20-2020 09:06 PM
Hello,
We are looking at adopting Umbrella. However, I have some concerns with this solution.
Right now, my top concern is users being able to bypass Umbrella by entering an IP address instead of a fully qualified domain name in whatever application they are using (browser, sftp client, ssh client, etc.).
How will Umbrella be able to guard against this if all we are sending to Umbrella is DNS requests?
Thank you in advance for any assistance,
~ Allen Rongone
08-09-2018 09:07 AM
Hi
It won't deal with it.
Umbrella is only based on DNS requests.
Regards
08-09-2018 09:46 AM
Jerome,
Thank you for your response.
So if I understand you correctly, unlike conventional proxies where all traffic is passed through the proxy, a malicious insider could circumvent Umbrella simply by using IP addressing instead of FQDN.
Is that a fair statement?
Thank you,
~ Allen
08-09-2018 09:44 AM
Hi, the Umbrella roaming client can intercept IP addresses. You would need the Umbrella Insight or higher package.
https://deployment-umbrella.readme.io/v1.0.5/docs/6-adding-ip-layer-enforcementz
08-10-2018 05:00 AM
Hi
I was not aware of that. Thanks.
By the way, there are several important limitations to this remediation:
1) The Umbrella roaming client does not currently support IPv6 or dual stack IPv4/IPv6.
2) All traffic needs to be tunneled to Umbrella using IPSEC, which is more intrusive than sharing DNS requests. Moreover, IPSEC might not work in some cases (firewall limitations...).
Regards