cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

243
Views
0
Helpful
5
Replies
Participant

Umbrella internal network ranges overlap

This is regarding the internal networks that need to be configured in Umbrella. I have a network where my 10.0.0.0/16 is used primarily at one site, and have another subnet in this range (10.0.2.0/24) used at another site. If I add both internal networks (10.0.0.0/16 - site A and 10.0.2.0/24 - site B), would this cause any problems and does Umbrella know to use the more specific match so traffic from 10.0.2.0/24 will get marked marked correctly as site B?

5 REPLIES 5
Rising star

Re: Umbrella internal network ranges overlap

Ideally, you would have Umbrella VA(s) located in each Umbrella site and you would configure each local network's DNS servers to point to the Umbrella VA(s) associated with the site, so the Umbrella portal would never see traffic from 10.0.2.0/24 on the other site with the 10.0.0.0/16 supernet.

Participant

Re: Umbrella internal network ranges overlap

Thanks for the response. No I get that is the ideal, but this is regarding the Internal Networks section in Umbrella dashboard: Deployments > Configuration > Internal Networks. With multiple sites and VA's in each site, the internal networks used by organisation needs to be listed in the dashboard. My question is if I have a more specific subnet will DNS from that site match the more specific subnet in the list or match both supernet and subnet?

Highlighted
Rising star

Re: Umbrella internal network ranges overlap

I believe when you add the internal network to the dashboard you also specify which site that the subnet belongs to. That, plus the traffic being forwarded from the VA in that site should take care of the classification of the traffic.

Participant

Re: Umbrella internal network ranges overlap

Thanks, yeah I just checked and can specify the site for the network range. So its probably tying in with the appliance configured for that same site. I'll need to test it to see how it goes. 

Rising star

Re: Umbrella internal network ranges overlap

Yep, should be good to go. Be sure to let us know!