
Umbrella /w Decryption

guacamoley
Level 1

I'm having a tough time understanding Umbrella's decryption capabilities. Since Umbrella is just analyzing the DNS Request, how is it able to utilize file policy when Decryption is enabled? Furthermore, my edge firewall is already providing SSL Decryption for internet capabilities. Do I need to worry about using decryption both on the endpoint and the perimeter?

Accepted Solutions

With advanced intelligent proxy SOME traffic, the possibly suspect traffic, goes to the proxy. The list of sites that are sent isn't published, but you can look at what traffic of yours is going in the Umbrella console.

If you just have DNS Essentials, none of your traffic goes to the proxy.




5 Replies

What level of Umbrella are you using? Just DNS? SIG?
And how are you getting the data there if SIG? Tunnels? Client?

Just DNS. Majority of traffic through secure client. 

franzd
Cisco Employee

Depending on which DNS tier you are using (Essentials/Advantage):
Essentials - provides you DNS security
Advantage - has intelligent proxy capability, which proxies requests to what we call "grey" sites (e.g. reddit).

So if you are using Essentials, then you will definitely not see any web traffic in your activity logs.

Why use Umbrella if you already have a firewall in the HQ? A few reasons:

  • Most organizations today have a hybrid workforce, which your on-prem firewall cannot protect. Yes, you can have them VPN in, but are they really going to? Especially now that most of the applications we use are in the cloud.
  • Visibility - the application discovery report would give you great visibility into the applications your users were using. This gives you visibility into unsanctioned applications, like PDF/Word converters for example, that you can then block. (You cannot block what you cannot see.)
  • Alleviate TLS decryption load from the firewall - TLS decryption is resource intensive; you can utilize Umbrella to offload this from the firewall.

HTH


I'm still finding this confusing. So with DNS Security, intelligent proxy doesn't do anything? But with Advantage, intelligent proxy will send the actual HTTPS traffic to the proxy, or will it just send the DNS request to the proxy?
