The Umbrella Deployment Documentation Developer Hub
Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!
A network is an identity in Umbrella and is defined by the public IP space of the network itself. All traffic originating from that IP space is identified as coming from that network in Umbrella. Thus, to add a network to Umbrella you add the public IP space, or IP range, to define the scope of identity.
Once the identity has been added, you'll need to build policies to extend Umbrella's protection to any device that connects to the internet from behind that network. For more information, see Create and Apply Policies.
Wait, what's an identity?
An identity is an entity that you can enforce policy against and report on. It can be very high level—an entire network can be an identity—or very granular—down to the individual logged in user in Active Directory.
Step 1 – Select the appropriate network
First, find out the information about the network that computer you're currently using is connected to. In order to do this, you'll need to know the public "WAN" or "egress" IP of your network.
In Umbrella, navigate to Deployments > Core Identities > Networks. You'll find your IP address listed at the top of the page. If you don't see your IP address, click the i (Information icon).
Pre-registering your networks
If you plan to have multiple network identities, it's a good idea to register all of your networks with Umbrella right away. Chances are if you have more than one public egress IP in your organization, you'll have more than one network identity. Having the networks pre-registered ensures that they're available right away when you do point traffic. It also ensures that all the IP space that belongs to your company is correctly assigned in our systems. Until traffic is pointed to Umbrella's DNS service, no protection is available and there is no reporting so there's no harm in adding in all networks beforehand.
Note: If you have the Umbrella Professional package, and you attempt to add a network other than the one currently being used to access the Umbrella dashboard, you will be prompted to contact Support for manual verification. You'll also need manual verification from support for IP ranges larger than a /29 network. Verification cases are created automatically and you'll receive an update as soon as it's reviewed.
Step 2 – Set up the Network Identity
Before you begin, it's a good idea to determine if you have a dynamic IP address. Most home, small school, and small business networks are typically provisioned by Internet Service Providers (ISPs) with a dynamic IP address when defining each unique internet network. Chances are that if you're not sure if you have a dynamic IP address, you almost certainly do.
Note: Most Dynamic DNS (DDNS) clients work toward keeping your network updated; however, third party DDNS clients are not supported by Support.
To add a network:
Navigate to Deployments > Core Identities > Networks and click Add.
Note: If possible, add the network from the IP being registered, otherwise an email will be generated that will require a link to be visited from the IP address of the network being registered.
In the Add a New Network modal, give your new identity a meaningful Network Name and add its IP address along with the subnet mask, usually a /32 subnet—a single IP address. Giving your identity a good network name will help you find it easily when you later add a policy against it through the Policy wizard.
If it's a dynamic IP address, check Dynamic and download the Umbrella Dynamic IP Updater:
A dynamic IP address means that the 'public' IP of your network changes over time when the 'lease' for that IP address changes. Your IP may stay the same for several weeks, but the lease will eventually expire and be given to another customer of your ISP. When the IP address you've registered with Umbrella changes, the Umbrella security settings no longer apply. These settings no longer match your account information and must be updated. To avoid having to manually update this information, we recommend installing the Umbrella Dynamic IP Updater on at least one computer within the network that you've registered in Umbrella. The Umbrella Dynamic IP Updater automates the discovery and registration of a network's IP address to your Umbrella account whenever the dynamic IP address changes. If you do not do this, you must manually re-enter your IP address each time it changes. For more information, see Networks with Dynamic IP Addresses.
To maintain and automatically update your dynamic IP when it changes, following these guidelines:
The computer should be stationary to the network and not a laptop (only used in the network on which you are configuring Umbrella).
The computer should always be powered on (or turned on before any other computers log onto the network.)
Click Save. Once the service validates your IP address, the network appears in the list at Deployments > Core Identities > Networks. Initially, Umbrella lists your new network identity's status as Inactive. Network status only changes to Active when DNS traffic is sent to Umbrella from the network. The policy applied to your new identity depends on your policy configurations. If you have a policy configured that includes network identities, Umbrella applies that policy; otherwise; Umbrella applies the Default policy.
Step 3 – Change the DNS settings on your relevant network device
You need only do this on your edge DNS equipment, typically a DNS or DHCP server, or a router—this could be your DSL router or cable modem if that's the only router in your network.
Note: The client on which you test must have either retrieved a new set of DNS servers from the DNS/DHCP server or router, or have had its DNS settings changed manually for you to be able to verify successfully.
Step 4 – Test your network
And that's it! At this point, you may need to restart your client's network interface (or simply restart the computer) and then you should be able to verify that your DNS connections are being routed through the Cisco Umbrella global network by going to the following page in your client's browser: https://welcome.umbrella.com/