Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
3
Replies

Configure Cisco Umbrella in a remote office

danielsanmartin
Level 1
Level 1

‎12-07-2024 09:22 AM

I would like your opinion on how to implement Umbrella in our client.
There are two locations. The central office and a remote office.
All the servers are located in the central office.
There is a site-to-site VPN between both locations. The central office has a FPR1140 and the remote office has a FPR1010.
Each location has its own internet connection.
The question would be how to implement Umbrella in the remote office. This office makes its DNS queries to the central office servers through the site-to-site VPN, but the internet outbound is done through its own connection to the ISP.
I know that in the central office I could use Umbrella VA, but in the remote office there is no infrastructure to be able to install the VA.

Daniel A. Sanmartin
Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎12-07-2024 10:30 AM

I would use the Umbrella connector on the branch FTD to redirect public DNS queries to the internet. This is quite straightforward and very similar to the functionality you would get with a VA on the branch site.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/integrations/umbrella-dns/configuring-the-umbrella-dns-connector-for-cisco-secure-firewall-management-center.html

0 Helpful

danielsanmartin
Level 1
Level 1
In response to Karsten Iwen

‎12-09-2024 07:26 AM

Hi Karsten Iwen,

Thank you for the prompt response.
One additional question. Is enabling Umbrella integration with FMC and applying DNS policies enough to protect the network?
I did everything that the document you sent me indicates, but I don't see the remote network enabled in the Umbrella dashboard.

Daniel A. Sanmartin
0 Helpful

andre.baumgarten
Level 1
Level 1

‎01-15-2025 03:32 AM

Hello,

1. I also tried the Umbrella Integration, works good... but it seems that reverse DNS was not working so we went back to VAs. We have Brances asking VAs in central Hub sites at the moment. But Umbrella FTD integration is made for exactly that. We did not open a TAC Case, so im am not sure if this was expected behavior or a defect

2. When you enable the integration you have to Synch FMC with Umbrella and assign a DNS Policy with the corresponding Umbrella Policy. As soon the device starts redirecting you should see the device in the "Network Device" view.

0 Helpful
Customers Also Viewed These Support Documents