Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
0
Helpful
3
Replies

Umbrella API integration in my vEdge using SD-WAN is not working

aakash-sn
Level 1
Level 1

‎01-09-2025 11:02 PM - last edited on ‎01-10-2025 12:37 AM by Cisco Employee

I have done Umbrella API integration in my vEdge using SD-WAN, but it is not working. The welcome.umbrella.com page is not loading, but in Umbrella, it shows the device is connected. What could be the problem here? I have attached the steps I followed and screenshots of the outputs below.

    • Steps to Integrate Umbrella API in vEdge using SD-WAN
      1.
      Navigate to Policies:
      • From the vManage GUI, go to Configuration -> Policies.

      • Under Centralized Policy, click on Add Policy.

      1.
      Create Site List:
      • Click on Site from the left pane and then click on + New Site List.

      • Enter the name of the Site list as Site-id and add the site in the Add Site column. Click Add and then Next.

      1.
      Configure Topology and VPN Membership:
      • On the Configure Topology and VPN Membership page, click Next.
      2.
      Configure Traffic Rules:
      • In the Configure Traffic Rules window, click on the Traffic Data tab and then click on Add Policy -> Create New.

      • Enter the Name and Description of the data policy as Umbrella.

      • Click on +Sequence Type and select Custom to create a custom policy.

      • Click on +Sequence Rule. From the Match window, select DNS.

      • Select the IP Address radio button and enter 208.67.222.222 in the IP address field.

      • Under Match, click on DNS Application List and select Google_Apps from the dropdown menu.

      • Click on Save Match and Actions.

      1.
      Add Another Sequence Rule:
      • Click on +Sequence Rule. From the Match window, select DNS.

      • From the DNS dropdown, select Response. Navigate to Actions and select the Accept radio button.

      • Scroll right to select the Redirect DNS option.

      • Select the Host radio button.

      • Under Match, click on DNS Application List and select Google_Apps from the dropdown menu.

      • Click on Save Match and Actions.

      1.
      Set Default Action:
      • Click on Default Action, then click on Edit (pencil icon) and select Accept.

      • Click on Save Match and Actions.

      • Click on Save Data Policy and then Next.

      1.
      Apply Policies to Sites and VPN:
      • Enter the name of the policy as Umbrella and description as Securing with Umbrella.

      • Click on the Traffic Data tab and then click on +New Site List and VPN List.

      • Select the All radio button, choose Site from the Select Site List dropdown, and select VPN1 from the Select VPN List dropdown. Click Add.

      • Click Save Policy.

      1.
      Update Device Templates:
      • Navigate to Configuration -> Templates.

      • Under Device Templates, click the icon on the Remote-D template and select Edit.

      • Under Additional Templates, select Baseline_Policy from the Policy dropdown and click Update.

      • Click Next and then Configure Devices. Verify the status is Success.

      1.
      Activate Policy:
      • Navigate to Configuration -> Policies.

      • Click the icon on the Umbrella policy and click on Activate twice.

      • After activating the policy, your site is integrated with Umbrella. The Service_VPN10_ge0/1 configurations made in Umbrella will be reflected in your site.

      1.
      Manage Umbrella Registration:
      • Navigate to Configuration -> Security.

      • From the top right of the window, click Custom Options and select Manage Umbrella Registration.

      • Scroll down to find Umbrella Registration.

      • Obtain the API token, Registration key, Secret, and Organization ID from the trainer, paste them, and click Save Changes.

      1.
      Add Security Policy:
      • Click on Add Security Policy, select Direct Internet Access, and click Proceed.

      • Click Next on the Firewall Policy page.

      • Click Next for Intrusion Prevention, URL Filtering, and Advanced Malware Protection pages.

      • On the DNS Security page, click on +Add

      DNS Security Polic and select Create New.

      • Enter the Policy Name as Umbrella_API. You will notice the Umbrella registration status as Configured.

      • Click on the Custom VPN Configuration radio button.

      • Click on Got it! if prompted.

      • Click on +Target VPNs and enter 1 in the VPNs column. Click Save Changes.

      • Leave others as default and click on Save DNS Security Policy.

      • Click Next.

      1.
      Finalize Security Policy:
      • Click Next for TLS/SSL Decryption.

      • Click Next and enter the Security Policy Name and Description as Umbrella_API_DIA on the policy summary page.

      • Click Save Policy.

      1.
      Update Security Policy in Device Templates:
      • Navigate to Configuration -> Templates.

      • Click the icon on the Remote template and select Edit.

      • Scroll down to Additional Templates and remove the Baseline_Policy by selecting None from the Policy dropdown.

      • Scroll down and select Umbrella_API_DIA from the Security Policy dropdown.

      • Click Update and then Next. Click Configure Devices and verify the status is Success.

 

      after doing this this is the output i got from vedge

 

aakashsn_0-1736491833751.png

and tried to connect it welcome.umbrella.com but this the result I got

aakashsn_1-1736491933954.png


Vedge version 20.6.5 and controller version 20.6.5

0 Helpful
3 Replies 3

aakash-sn
Level 1
Level 1
In response to Erika383Rivera

‎01-10-2025 01:22 AM

Thanks for the reply. 

0 Helpful

Jeongjun Park
VIP
VIP

‎01-16-2025 07:26 AM

You configured DNS Security policy to achieve this.

Try to check whether the vedge has been registered in the umbrella dashboard (Especially Network device)

To achieve this, It should be registered !

 

* When It comes to "Redirect DNS" under Traffic data, It needs SIG tunnels.

0 Helpful

aakash-sn
Level 1
Level 1
In response to Jeongjun Park

‎01-17-2025 03:59 AM

Thanks for the reply. The device is attached to Umbrella. Let me check with the SIG tunnels and get back to you.

0 Helpful
Customers Also Viewed These Support Documents