- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2020 01:51 AM
Hi,
Do you know if Umbrella is able to stop VPN connections on a school network. Question came up in a discussion with a customer considering Umbrella as an additional security layer.
If you have any useful docs I´m to take a look at them.
BR
Andreas
Solved! Go to Solution.
- Labels:
-
Cloud Security
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2020 02:22 AM
Yes, ideally permit outbound DNS to the Umbrella server only. From experience I'd do that with caution, there are probably a load of legitimate systems pointing to public DNS servers.
Relavant useful link:
As it's a school you might want to consider blocking (DoH) DNS over HTTPS.
FYI, If you are deploying a VA (Virtual Appliance) you would also need to open a load of other ports as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2020 01:59 AM
You can block "Personal VPN" using Umbrella DNS Content Categories
https://docs.umbrella.com/umbrella-user-guide/docs/manage-dns-content-categories
HTH
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2020 02:13 AM
Hi, I got recommended to also change port 53 to only accept Umbrella IPs.
What do you think?
BR
Andreas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2020 02:22 AM
Yes, ideally permit outbound DNS to the Umbrella server only. From experience I'd do that with caution, there are probably a load of legitimate systems pointing to public DNS servers.
Relavant useful link:
As it's a school you might want to consider blocking (DoH) DNS over HTTPS.
FYI, If you are deploying a VA (Virtual Appliance) you would also need to open a load of other ports as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2020 02:25 AM
Thanks a million Rob, most helpful!
