cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

392
Views
10
Helpful
4
Replies
Beginner

Umbrella and Users entering IP address

Hello,

 

We are looking at adopting Umbrella. However, I have some concerns with this solution.

 

Right now, my top concern is user's being able to bypass Umbrella by entering an IP address instead of a fully qualified domain name in whatever application they are using (browser, sftp client, ssh client, etc...)

 

How will Umbrella be able to guard against this if all we are sending to Umbrella is DNS request?

 

Thank you in advance for any assistance,

~ Allen Rongone

4 REPLIES 4

Re: Umbrella and Users entering IP address

Hi

 

It won't deal with it.

 

Umbrella is only based on dns request.

 

Regards

Beginner

Re: Umbrella and Users entering IP address

Jerome,

 

Thank you for your response.

 

So if I understand you correctly, unlike conventional proxies where all traffic is passed through the proxy, an malicious insider could circumvent Umbrella simply by using IP addressing instead of FQDN.

 

Is that a fair statement?

 

Thank you,

~ Allen

Cisco Employee

Re: Umbrella and Users entering IP address

Hi, the umbrella roaming client can intercept IP addresses. You would need the Umbrella Insight or higher package.

https://deployment-umbrella.readme.io/v1.0.5/docs/6-adding-ip-layer-enforcementz

Highlighted

Re: Umbrella and Users entering IP address

Hi

 

I was not aware of that. Thanks.

 

By the way, there are several important limitations to this remediation :

1) The Umbrella roaming client does not currently support IPv6 or dual stack IPv4/IPv6

2) All traffic need to be tunneled to Umbrella using IPSEC which is more intrusive than sharing dns request. Moreover, IPSEC might not work on some case (firewall limitations...).

 

Regards