Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
597
Views
0
Helpful
1
Comments

How packets are processed by Cisco Umbrella

Meddane
VIP
VIP

on ‎09-11-2023 01:05 AM

Traffic forwards to Umbrella from networks, IPsec tunnels, network devices, and client connectors and forwarders. Umbrella represents a network entity, user, or group as an identity in an Umbrella policy. Umbrella policy settings apply to an identity and a destination.

When Umbrella receives a destination request from an identity, Umbrella applies the enabled DNS policies to the destination. If the Umbrella DNS-layer security does not block the destination, Umbrella forwards web traffic to the cloud-delivered firewall and the secure web gateway. If HTTPS inspection is enabled on the web policy, the DLP policy monitors and blocks sensitive data transmission in outbound web traffic.

The following diagram displays how traffic flows from network entities and client connectors through Umbrella.

 

How packet is processed

 

  1. Upon receiving a DNS request, Umbrella matches an enabled DNS policy to an identity and destination. The DNS-layer security applies the action defined in the DNS policy.
  2. If you enable a Firewall policy, Umbrella forwards any requests allowed by the DNS-layer security to the cloud-delivered firewall. The Umbrella cloud-delivered firewall either filters the request or forwards the web traffic on port 80 or 443 to the secure web gateway (SWG).
  3. If you enable a web policy, the Umbrella secure web gateway (SWG) evaluates web traffic on ports 80 and 443 and applies the actions defined in the web policy.
  4. If you enable HTTPS inspection in the web policy, the DLP policy monitors and optionally blocks sensitive data detected in outbound web traffic.
  5. Next, allowed traffic egresses through Network Address Translation (NAT).

 

0 Helpful
Comments
brandon698sherrick
Level 1
Level 1
‎05-03-2024 03:07 AM

Hello,

Traffic is forwarded to Umbrella from various sources like networks, IPsec tunnels, network devices, and client connectors.
Umbrella uses identities to represent network entities, users, or groups, and applies policy settings based on these identities and their destinations.
When a destination request is received, Umbrella applies the relevant DNS policies. If the destination isn’t blocked by DNS-layer security, the traffic is then forwarded to the next security layers.
If the destination passes DNS-layer security and a Firewall policy is enabled, the traffic is sent to the cloud-delivered firewall. The firewall filters the request or forwards it to the Secure Web Gateway (SWG) on ports 80 or 443.
If a web policy is enabled, the SWG evaluates the web traffic. If HTTPS inspection is also enabled, the Data Loss Prevention (DLP) policy monitors and can block sensitive data in outbound traffic.
Finally, allowed traffic exits through Network Address Translation (NAT KY.

This process ensures that only safe and policy-compliant traffic is allowed through, while potentially harmful or non-compliant traffic is blocked or filtered out. If you have any specific questions or need further clarification on any of the steps, feel free to ask!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents