Cisco Secure Firewall supports DNS integration with Cisco Umbrella. This integration enables the firewall to redirect DNS queries to Umbrella and allows Umbrella to apply DNS-based security policies.
Prerequisites
- Cisco Secure Firewall Management Center (FMC) running version 7.2 or later.
- FMC-managed Cisco Firepower Threat Defense (FTD) firewall running version 6.6 or later.
- The FTD must be able to resolve api.opendns.com and connect to it over TCP port 443 for the initial registration.
- The FTD must have TCP and UDP port 53 (DNS) access to 208.67.220.220 and 208.67.222.222, the Cisco Umbrella public DNS resolvers.
- The Umbrella DigiCert CA (the CA that issues the registration server certificate) must be installed on the FTD devices. The certificate must be trusted for 'SSL Server' validation, which is not enabled by default when a CA is added in FMC.
- FMC Base license with 'export-control' functionality allowed.
- The FMC must be able to resolve management.api.umbrella.com for policy configuration.
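The reachability prerequisites above are the ones that most often fail silently (an upstream ACL drops TCP/53 while UDP/53 works, or the registration host resolves but port 443 is filtered). The script below is an added example, not Cisco tooling: run it from a host on the same egress path as the FTD data interfaces (the FTD itself cannot run it) so that it exercises the same firewall rules and DNS path. It sends a real DNS query over UDP/53 to each Umbrella resolver rather than just opening a socket, and completes a TLS handshake with the registration host so you can confirm the certificate it presents chains to DigiCert. The hostnames and resolver addresses come from the list above; every function name, the `EXPECTED_ISSUER` string, and the assumption that the issuer's organization name contains "DigiCert" are this example's own.

```python
"""Pre-flight check for the Umbrella connection prerequisites listed above.

Added example, not Cisco tooling. Run from a host on the FTD's egress path.
All function names are this example's own; hosts and resolver IPs are from the page.
"""
import random
import socket
import ssl
import struct

UMBRELLA_RESOLVERS = ("208.67.220.220", "208.67.222.222")
REGISTRATION_HOST = "api.opendns.com"            # FTD registers here over TCP/443
POLICY_HOST = "management.api.umbrella.com"      # the FMC, not the FTD, must resolve this
EXPECTED_ISSUER = "DigiCert"                     # assumption: issuer O= contains this string


def build_dns_query(name, txn_id=None):
    """Build a minimal DNS A query for name (RD set). Returns (txn_id, wire bytes)."""
    txn_id = random.randrange(0, 0x10000) if txn_id is None else txn_id
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)   # 1 question, RD=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return txn_id, header + qname + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN


def parse_dns_response(data, expected_id):
    """Return (rcode, answer_count); raise ValueError if the reply is not ours or not a response."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    txn_id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txn_id != expected_id:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    return flags & 0x000F, an


def udp_dns_check(resolver, name=REGISTRATION_HOST, timeout=3.0):
    """Send one real query over UDP/53 and require a NOERROR reply with at least one answer."""
    txn_id, query = build_dns_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        data, _ = sock.recvfrom(512)
    rcode, answers = parse_dns_response(data, txn_id)
    return rcode == 0 and answers > 0


def tcp_check(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes (a SYN-dropping ACL shows up as a timeout)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_issuer_check(host, port=443, timeout=3.0):
    """Complete a TLS handshake using this host's trust store; return the leaf cert's issuer O=.

    This only confirms what the registration server presents. The FTD's own trust of
    that CA (with 'SSL Server' validation enabled) is still configured on the FMC.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    return issuer.get("organizationName", "")


def _safe(check):
    """Run a check; any network or parse failure counts as a failed prerequisite."""
    try:
        return bool(check())
    except (OSError, ValueError):
        return False


def run_preflight(tcp=tcp_check, udp_dns=udp_dns_check, tls=tls_issuer_check,
                  resolve=socket.gethostbyname):
    """Evaluate every prerequisite; returns {description: passed}. Checkers are injectable."""
    results = {}
    results["ftd: resolve " + REGISTRATION_HOST] = _safe(lambda: resolve(REGISTRATION_HOST))
    results["ftd: tcp/443 " + REGISTRATION_HOST] = _safe(lambda: tcp(REGISTRATION_HOST, 443))
    results["ftd: tls issuer " + REGISTRATION_HOST] = _safe(
        lambda: EXPECTED_ISSUER in tls(REGISTRATION_HOST))
    for resolver in UMBRELLA_RESOLVERS:
        results["ftd: tcp/53 " + resolver] = _safe(lambda: tcp(resolver, 53))
        results["ftd: udp/53 " + resolver] = _safe(lambda: udp_dns(resolver))
    results["fmc: resolve " + POLICY_HOST] = _safe(lambda: resolve(POLICY_HOST))
    return results


if __name__ == "__main__":
    for description, ok in run_preflight().items():
        print(("PASS " if ok else "FAIL ") + description)
```

The checkers are passed into `run_preflight` as parameters so the decision logic can be exercised without network access; a FAIL on a `tcp/53` line with a PASS on the matching `udp/53` line is the classic sign of an ACL that only permits UDP DNS, which breaks Umbrella for responses larger than 512 bytes. Note that a management.api.umbrella.com failure is an FMC-side problem and must be checked from the FMC's management network, not the FTD's data path.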
Limitations
- Rollback of Umbrella configuration is not supported.
Configure the Umbrella Connection
To configure the Umbrella Connection, refer to the Cisco Secure Firewall Management Center Device Configuration Guide.
Create and Manage Umbrella DNS Policies
To create and manage Umbrella DNS policies, refer to the Cisco Secure Firewall Management Center Device Configuration Guide.