
Add a Firewall Policy

The Umbrella cloud-delivered firewall provides firewall services without the need to deploy, maintain, and upgrade physical or virtual appliances at each site. Instead, the cloud-delivered firewall relies on your on-premises appliances to build tunnels to the Umbrella cloud.

Through the firewall policy rules written in the Umbrella dashboard, you can filter traffic at layer 3 and layer 4 that originates on the internal network but is destined for the internet. You can block apps at layer 7 as well.

Prerequisites

Add a Firewall Policy

  1. Navigate to Policies > Management > Firewall Policy and click Add.

If Umbrella displays the message "You are missing a tunnel connection", click Add A Tunnel. Tunnels are required for firewall policies. For more information about setting up tunnels, see Add a Tunnel: Cisco ASA, Add a Tunnel: Cisco ISR, or Add a Tunnel: Viptela.

  2. Give your rule a descriptive Name and a Description, and choose a Priority Order.
    Priority Order sets the rule's position in the Firewall Policy, which is the order in which rules are evaluated and then applied. Rules are applied sequentially, with the Default Rule always in the last position.
  3. Choose the rule's criteria:
    • Protocol—The protocols to which the rule applies. Options are TCP, UDP, ICMP, or any.
    • Applications—The applications and app categories to which the rule applies.
    • Source Tunnels—The source tunnel to which the rule applies.
      Search for tunnels to add them. Up to three tunnels are displayed dynamically as you begin entering text.
    • Source IPs/CIDRS—The tunnel's source addresses (IPs or CIDRs) to which the rule applies—in a plain-text list, delimited by commas, or "any".
    • Source Ports—The tunnel's source ports to which the rule applies—in a plain-text list, delimited by commas, or "any".
    • Destination IPs/CIDRS—The tunnel's destination addresses (IPs or CIDRs) to which the rule applies—in a plain-text list, delimited by commas, or "any".
    • Destination Ports—The tunnel's destination ports to which the rule applies—in a plain-text list, delimited by commas, or "any".
  4. Choose a Time Zone, and configure Start and Expiration dates and times.
    Optionally, check Does Not Expire so that this rule never expires.
  5. Select an interval for the hit counter. If you disable logging for this firewall rule, the hit counter is also disabled. For more information, see Monitor Hit Count.
  6. Configure Rule Action:
    a. Choose Block Traffic or Allow Traffic to specify what happens to traffic matching these Firewall policy rules.
    b. Enable or Disable logging.
    Note: Logging is disabled by default. If you disable logging, the hit counter is also disabled.
    c. Enable or Disable this Firewall rule.
  7. Click Save.
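
The effect of Priority Order on overlapping rules, as an added example (a local Python model, not Umbrella code or an Umbrella API). It assumes that the first matching enabled rule decides the action and that the Default Rule allows traffic; the rule names, addresses and default action are constructed for illustration, and source criteria and start/expiration times are left out.

```python
import ipaddress
from dataclasses import dataclass, replace

ANY = "any"

@dataclass
class Rule:
    name: str
    priority: int          # lower number = evaluated earlier (assumption)
    action: str            # "allow" or "block"
    protocol: str = ANY    # TCP, UDP, ICMP or any
    dst_cidrs: str = ANY   # comma-delimited list or "any", like the dashboard field
    dst_ports: str = ANY   # comma-delimited list or "any"
    enabled: bool = True

def _items(field):
    return [x.strip() for x in field.split(",") if x.strip()]

def matches(rule, protocol, dst_ip, dst_port):
    """True if an enabled rule's protocol, destination and port criteria all match."""
    if not rule.enabled:
        return False
    if rule.protocol.lower() not in (ANY, protocol.lower()):
        return False
    if rule.dst_cidrs != ANY and not any(
            ipaddress.ip_address(dst_ip) in ipaddress.ip_network(c, strict=False)
            for c in _items(rule.dst_cidrs)):
        return False
    return rule.dst_ports == ANY or str(dst_port) in _items(rule.dst_ports)

def evaluate(rules, protocol, dst_ip, dst_port, default_action="allow"):
    """Walk rules in priority order; the first match decides (assumed semantics)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, protocol, dst_ip, dst_port):
            return rule.name, rule.action
    return "Default Rule", default_action  # always last; its action is assumed here

# Constructed sample policy: the broad allow sits above the narrower block.
ALLOW_WEB = Rule("Allow web", 1, "allow", protocol="TCP", dst_ports="80, 443")
BLOCK_NET = Rule("Block test net", 2, "block", dst_cidrs="203.0.113.0/24")
SHADOWED = [ALLOW_WEB, BLOCK_NET]
# Same rules with the priorities swapped so the block is evaluated first.
REORDERED = [replace(ALLOW_WEB, priority=2), replace(BLOCK_NET, priority=1)]

if __name__ == "__main__":
    flow = ("TCP", "203.0.113.10", 443)
    print(evaluate(SHADOWED, *flow))   # the allow rule wins, the block never fires
    print(evaluate(REORDERED, *flow))  # the block rule now wins
```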


Updated 2 months ago
