MSSP User Documentation

The deployment-mssp Developer Hub

Welcome to the deployment-mssp developer hub. You'll find comprehensive guides and documentation to help you start working with deployment-mssp as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Extend Enforcement

How is Enforcement Extended Off-network?

Umbrella has a very lightweight DNS client that runs on your Windows or Mac OSX computers. It is not a VPN client or a local antivirus engine. It allows Umbrella security and policy-based protection, including our Intelligent Proxy, to be enforced no matter the network you are connected to. Whether you're at the office, the hotel, a coffee shop, or using a mobile hotspot, the Umbrella roaming client enforces policies set by you in Umbrella.

Why Use the Umbrella Roaming Client?

With our traditional network-based service, or with most traditional appliance-based network perimeter gateways, there are two limitations that are overcome with the Umbrella roaming client:

  • Roaming / Off-network—If a laptop leaves the office and is not using a full-tunnel VPN at all times (which can be slow), the laptop is unprotected from threats and undesirable content while roaming outside of the network.
  • Granular Reporting and Filtering—All the DNS traffic visible in your Umbrella Reports come from a single network identity. The Umbrella roaming client provides computer-level granularity that is specified in policies which you set up in the Umbrella dashboard. Not only can you enforce different Security and Content Filtering settings on a per-computer basis, but you also see computer-level Reports.
  • IP Layer Enforcement—Malware authors might use IP addresses that bypass DNS lookups when creating a threat. For instance, one of your users might receive a phishing email with a URL that has an IP address in it (for example, http://x.x.x.x/malware.exe,) while they're not in your office and protected by your firewalls. Or, a user may go home, insert an infected USB stick into their computer to look at their children's homework, and execute malware that contacts http://x.x.x.x:3000/malicious/bad.exe. Some IP addresses are simply known to be bad. Other IP addresses may host valid content on non-HTTP ports, while the web ports host malicious content. The inverse is also true; IP addresses can host legitimate HTTP websites but also host malicious command and control hosts on a non-standard port. The IP Layer Enforcement feature handles all of these scenarios.

Install the Cisco Umbrella Root Certificate < Extend Enforcement > Create and Apply Policies

Updated 2 years ago

Extend Enforcement

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.