Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
956
Views
5
Helpful
1
Replies

Umbrella Deployment for Mobile devices and internal domains

Go to solution
amahmuto
Cisco Employee
Cisco Employee

‎11-03-2020 08:03 AM

Hi,

 

We have a customer looking to deploy Umbrella to protect their mobile devices, mainly Android and iOS.

 

1) My understanding is that when they are off the corporate network, the devices will query the Umbrella DNS directly?

 

2) When they are on the corporate wifi, they will not be using the DNS server which is supplied from the DHCP server, but still be using Umbrella DNS?

3) Meaning that they will not be able to access internal domains?

 

4) To be able to access the internal domains, from the corporate wifi, they would need to install the Umbrella VA and point all their DNS requests towards it. Which would affect the whole network and not just the mobile devices?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shubham Bharti
Cisco Employee
Cisco Employee

‎11-17-2020 11:35 AM

1) Yes the Umbrella module on the endpoint will directly reach out to Umbrella.

 

2) Depends - If Internal domain is not defined on Umbrella - it will continue to use Umbrella DNS. 

3) As mentioned in previous points - You can make internal domain reachable through 2 ways - Have on-Prem Umbrella solution deployed or bypass internal domain from Umbrella resolution using internal domain management on Umbrella. 

 

4) VA is a recommendation and not a mandatory appliance needed for On-prem deployment to achieve more granular information from endpoint. You can directly forward the DNS Server to Umbrella Public IP - Pre-requisite is to add the Public IP of customer on Umbrella Console. 

View solution in original post

1 Reply 1

Go to solution
Shubham Bharti
Cisco Employee
Cisco Employee

‎11-17-2020 11:35 AM

1) Yes the Umbrella module on the endpoint will directly reach out to Umbrella.

 

2) Depends - If Internal domain is not defined on Umbrella - it will continue to use Umbrella DNS. 

3) As mentioned in previous points - You can make internal domain reachable through 2 ways - Have on-Prem Umbrella solution deployed or bypass internal domain from Umbrella resolution using internal domain management on Umbrella. 

 

4) VA is a recommendation and not a mandatory appliance needed for On-prem deployment to achieve more granular information from endpoint. You can directly forward the DNS Server to Umbrella Public IP - Pre-requisite is to add the Public IP of customer on Umbrella Console. 

Customers Also Viewed These Support Documents