Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3556
Views
0
Helpful
5
Replies

WSA and Umbrella

lambay2000
Level 2
Level 2

‎01-16-2021 05:21 AM

hello friends,

i m little confuse, can anybody clear my doubt,

 

  1. i shld consider wsa, umbrella as a separate product ??
  2. how WSA can protect roaming users if they are outside the corporate network. , as i know somebody will reply that the users have to connect through anyconnect vpn client and they shld be connected to corporate network to be protected, for instance if they are not connected to the corporate network through anyconnect client then what is the solution.
  3. i was thinking that wsa policy for the users can sync with umbrella cloud  if they are not connected through anyconnect vpn client to the corporate network 

 

please help to understand how to provide full security.

Labels:
0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎01-16-2021 09:48 AM

Hi @lambay2000 

Yes, WSA and Umbrella are separate products. WSA is on-premise web proxy and Umbrella is cloud based DNS filtering and Web proxy.

 

WSA cannot protect roaming users if they are off the network, they would need to be connected to the VPN to access the WSA. Umbrella can protect the users when roaming and not connected to the VPN.

 

I don't believe WSA and Umbrella policies can be synced.

0 Helpful

lambay2000
Level 2
Level 2
In response to Rob Ingram

‎01-16-2021 12:42 PM

Dear Rob,

if the corporate user is disconnected from the vpn and he is using internet for private use he can be affected by any website becz now there is no WSA filtering  if incase he get affected by malware and he is not aware of that, the next day he will connect his laptop to the corporate network and he will spread the malware, so accordingly cisco security related to WSA is not good, 

 

In this case cisco is forcing to by  umbrella for the users who will avoid using vpn and use internet through corporate policy.

 

Please suggest alternate solution, i think bluecaot has policy that can be synced from on premise to cloud, previous it use to work with wsa and wsc, i dont understand y cisco stopped for umbrella.

 

thanks

0 Helpful

lambay2000
Level 2
Level 2
In response to lambay2000

‎01-26-2021 01:01 PM

anybody have comment on my reply

0 Helpful

Todd Everett
Cisco Employee
Cisco Employee

‎02-07-2023 09:26 AM

As with your original question, many Cisco clients have been deploying a combination of WSA for network based web proxying and decryption, and Umbrella SIG DNS and decrypting proxying to address the split horizon of web traffic routing.

Happily, Cisco has recently (2022) released policy and reporting synchronization between the solution, as well as the ability to do Advanced Web Reporting for organizations with high traffic volumes across both solutions. 

As originally stated, for a single solution, the WSA/SWA (renaming) would only be effective for on-premise devices and roaming devices that are forced to redirect all web (http/https) traffic through a VPN. If you have WSA and need to support mobile devices connecting to the internet directly from remote locations, you can migrate to Cisco's Umbrella SIG (Secure Internet Gateway - cloud web proxying solution) for both on- and off-network devices.

Your Cisco sales team should help you convert your remaining contract over and with migration support.

0 Helpful

Ken Stieers
VIP
VIP
In response to Todd Everett

‎02-07-2023 09:29 AM

And there's a beta that's about to start for hybrid WSA/Umbrella SIG.
I can put you in touch with the beta manager if you're interested.

0 Helpful
Customers Also Viewed These Support Documents