Guides
ProductDeveloper
Guides

Check Device Compatibility

Umbrella connects and secures traffic from IPsec tunnels established by various network devices.

Table of Contents

IPsec Tunnel Requirements

IPsec tunnels for Umbrella secure internet access must have an Maximum Transmission Unit (MTU) no larger than 1400 bytes, with an Maximum Segment Size (MSS) no larger than 1360 bytes. Fragmented packets in underlay or overlay are dropped. Slightly larger MTU and MSS may work depending on your specific IPsec configuration. For more information about establishing a tunnel to Umbrella, see Network Tunnel Configuration.

Supported Devices for Setting Up IPsec Tunnels

Umbrella integrates with the following network devices that create compatible IPsec tunnels.

PlatformSoftware Version
Cisco ISR-G2

- Configure Tunnels with Cisco ISR
15.4M3
Cisco ISR-4K/Cisco 1000v

- Configure IKEv2 IPsec Tunnel with Umbrella
16.7.1, 16.8.1a
Cisco Catalyst SD-WAN (formerly known as Viptela) vEdge

- Configure Tunnels with Cisco Catalyst SD-WAN cEdge and vEdge
18.4.5+, 19.2.3+
Cisco Catalyst SD-WAN (formerly known as Viptela) cEdge

- Configure Tunnels with Catalyst SD-WAN cEdge and vEdge
IOS-XE 17.2 or later
Automatic Configuration of Cisco Catalyst SD-WAN (formerly known as Viptela) cEdge and vEdge devices

- Configure Tunnels Automatically with Catalyst SD-WAN cEdge and vEdge
IOS-XE 17.2.1 or Viptela 20.1 or later
IOS-XE 17.4.1 or Viptela 20.4.1 or later for active/active tunnel pairs
Cisco ASA

- Configure Tunnels with Cisco Adaptive Security Appliance (ASA)
Cisco ASA v9.8
Cisco ASA in CDO

- Configure Tunnels Automatically with Cisco ASA and CDO
Cisco ASA v9.1.2+
Cisco FTD

- Configure Tunnels with Cisco Secure Firewall
6.4+ ( 6.7 when using VTI)
Cisco Meraki MX
Configure Tunnels with Meraki MX – Option 1
Configure Tunnels with Meraki MX – Option 2
15.3

Unsupported Network Devices for Setting Up IPsec Tunnels

Umbrella provides a series of guides for configuring and deploying IPsec tunnels in network devices, which are not supported by Umbrella. If you have a device that isn’t supported, we may not be able to provide assistance in using the device to establish a tunnel to Umbrella.

Note: Since AWS Site-to-Site VPN cannot disable PFS, it is incompatible with Umbrella.


Manage Tunnels < Check Device Compatibility > Add Network Tunnel Identity