AndreasKvist
Beginner

Umbrella to stop VPN in a school environment

Hi, 

 

Do you know if Umbrella is able to stop VPN connections on a school network? Question came up in a discussion with a customer considering Umbrella as an additional security layer.

If you have any useful docs I'm to take a look at them.

 

BR

 

Andreas

Rob Ingram
VIP Mentor

Hi @AndreasKvist 

You can block "Personal VPN" using Umbrella DNS Content Categories

https://docs.umbrella.com/umbrella-user-guide/docs/manage-dns-content-categories

 

HTH

Hi, I got recommended to also change port 53 to only accept Umbrella IPs. 

 

What do you think?

 

BR

 

Andreas

Rob Ingram
VIP Mentor

Yes, ideally permit outbound DNS to the Umbrella server only. From experience I'd do that with caution, there are probably a load of legitimate systems pointing to public DNS servers.

 

Relevant useful link:

https://support.umbrella.com/hc/en-us/articles/230904088-Preventing-Circumvention-of-Cisco-Umbrella-with-Firewall-Rules

 

As it's a school you might want to consider blocking DNS over HTTPS (DoH).

 

FYI, if you are deploying a VA (Virtual Appliance) you would also need to open a load of other ports as well.

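An added example, not part of the original thread or of Cisco's documentation: before enforcing the port 53 restriction described in the answer above, this script audits a flow log for internal hosts that still query other public resolvers, which is the breakage the answer warns about. The CSV log format, the `10.20.0.0/16` internal range and the sample rows are constructed, and the two resolver addresses are assumed to be Umbrella's anycast IPs.

```python
import csv
import ipaddress
from collections import Counter, defaultdict

# Assumption: the Umbrella anycast resolver addresses; confirm against
# current Umbrella documentation before building firewall rules from them.
UMBRELLA_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample flow log: time,src_ip,dst_ip,dst_port,proto
SAMPLE_FLOWS = """\
2024-03-04T08:00:01,10.20.1.15,208.67.222.222,53,udp
2024-03-04T08:00:02,10.20.1.40,8.8.8.8,53,udp
2024-03-04T08:00:03,10.20.1.40,8.8.8.8,53,udp
2024-03-04T08:00:05,10.20.3.7,1.1.1.1,53,tcp
2024-03-04T08:00:06,10.20.1.15,198.51.100.10,443,tcp
2024-03-04T08:00:07,10.20.9.2,10.20.0.53,53,udp
2024-03-04T08:00:09,10.20.3.7,208.67.220.220,53,udp
not,a,valid,row
"""

def dns_bypass_report(log_text, allowed=UMBRELLA_RESOLVERS, internal="10.20.0.0/16"):
    """Return {src_ip: Counter({resolver: flows})} for outbound port 53
    traffic that goes to anything other than the allowed resolvers."""
    inside = ipaddress.ip_network(internal)
    report = defaultdict(Counter)
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            continue  # skip rows that do not match the expected layout
        _, src, dst, port, proto = row
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip rows with malformed addresses
        if port != "53" or proto not in ("udp", "tcp"):
            continue
        if src_ip not in inside or dst_ip in inside:
            continue  # only flows leaving the network reach the edge rule
        if dst not in allowed:
            report[src][dst] += 1
    return dict(report)

if __name__ == "__main__":
    for src, resolvers in sorted(dns_bypass_report(SAMPLE_FLOWS).items()):
        for dst, n in resolvers.items():
            print(f"{src} -> {dst}:53  {n} flows (would be dropped)")
```

DoH runs over port 443, so it does not show up in a port 53 audit like this one and has to be handled separately.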

Thanks a million Rob, most helpful!
