09-18-2019 08:47 PM
This is regarding the internal networks that need to be configured in Umbrella. I have a network where my 10.0.0.0/16 is used primarily at one site, and have another subnet in this range (10.0.2.0/24) used at another site. If I add both internal networks (10.0.0.0/16 - site A and 10.0.2.0/24 - site B), would this cause any problems and does Umbrella know to use the more specific match so traffic from 10.0.2.0/24 will get marked marked correctly as site B?
09-18-2019 10:07 PM
Ideally, you would have Umbrella VA(s) located in each Umbrella site and you would configure each local network's DNS servers to point to the Umbrella VA(s) associated with the site, so the Umbrella portal would never see traffic from 10.0.2.0/24 on the other site with the 10.0.0.0/16 supernet.
09-19-2019 05:53 AM - edited 09-19-2019 05:54 AM
Thanks for the response. No I get that is the ideal, but this is regarding the Internal Networks section in Umbrella dashboard: Deployments > Configuration > Internal Networks. With multiple sites and VA's in each site, the internal networks used by organisation needs to be listed in the dashboard. My question is if I have a more specific subnet will DNS from that site match the more specific subnet in the list or match both supernet and subnet?
09-19-2019 07:38 AM
I believe when you add the internal network to the dashboard you also specify which site that the subnet belongs to. That, plus the traffic being forwarded from the VA in that site should take care of the classification of the traffic.
09-24-2019 05:27 PM
Thanks, yeah I just checked and can specify the site for the network range. So its probably tying in with the appliance configured for that same site. I'll need to test it to see how it goes.
09-24-2019 07:05 PM
Yep, should be good to go. Be sure to let us know!
07-08-2022 12:33 PM
Hello @Madura Malwatte. I too have the same issue. We have the /16 network, but i want to be able to apply a policy to just a /21 within that /16. Did this work for you? Both of mine will be at the default site, but will require different policies, and just want to make sure Umbrella will see the more specific subnet and apply that first. There is no reordering that can be done.
Thanks.
07-22-2022 04:16 PM
Umbrella should treat the smaller subnet with higher priority. Let us know if it doesn't!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: