Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
834
Views
0
Helpful
1
Replies

Umbrella ISR Connector w/ Virtual Appliance for AD Integration

Daniel Lucas
Level 1
Level 1

‎02-18-2019 12:10 PM

I am looking into implementing Umbrella for a customer with a couple remote branches. Each branch currently has a local DC. I like the idea of the transparently inspecting the queries with an ISR, but it looks like that doesn't currently support including user identity. Would deploying a virtual appliance for the sole purpose of connecting to AD and pulling user-to-IP mapping, and letting the ISR handle the conditional forwarding work? Would Umbrella still be able to piece together the user-to-query mapping even if the information comes from two different devices? Below is a quick diagram of what I am curious about - the big benefit to this is that endpoints don't need to change their current DNS settings (which can be a little bit of a pain if there are devices with static settings).Drawing1.png

 

-Thanks

Labels:
0 Helpful
1 Reply 1

Daniel Lucas
Level 1
Level 1

‎02-18-2019 12:44 PM

Nevermind - re-read the guide, and the AD Connector is installed on a separate server, and doesn't require the Virtual Appliance - so this should work.
Since I already made the post, anyone have any experience with this yet?
0 Helpful
Customers Also Viewed These Support Documents