Check Device Compatibility
Umbrella connects and secures traffic from IPsec tunnels established by various network devices.
Table of Contents
- IPsec Tunnel Requirements
- Supported Devices for Setting Up IPsec Tunnels
- Unsupported Devices for Setting Up IPsec Tunnels
IPsec Tunnel Requirements
IPsec tunnels for Umbrella secure internet access must have an Maximum Transmission Unit (MTU) no larger than 1400 bytes, with an Maximum Segment Size (MSS) no larger than 1360 bytes. Fragmented packets in underlay or overlay are dropped. Slightly larger MTU and MSS may work depending on your specific IPsec configuration. For more information about establishing a tunnel to Umbrella, see Network Tunnel Configuration.
Supported Devices for Setting Up IPsec Tunnels
Umbrella integrates with the following network devices that create compatible IPsec tunnels.
| Platform | Software Version |
|---|---|
| Cisco ISR-G2 * Configure Tunnels with Cisco ISR | 15.4M3 |
| Cisco ISR-4K/Cisco 1000v * Configure IKEv2 IPsec Tunnel with Umbrella | 16.7.1, 16.8.1a |
| Cisco Catalyst SD-WAN (formerly known as Viptela) vEdge * Configure Tunnels with Cisco Catalyst SD-WAN cEdge and vEdge | 18.4.5+, 19.2.3+ |
| Cisco Catalyst SD-WAN (formerly known as Viptela) cEdge * Configure Tunnels with Catalyst SD-WAN cEdge and vEdge | IOS-XE 17.2 or later |
| Automatic Configuration of Cisco Catalyst SD-WAN (formerly known as Viptela) cEdge and vEdge devices * Configure Tunnels Automatically with Catalyst SD-WAN cEdge and vEdge | IOS-XE 17.2.1 or Viptela 20.1 or later IOS-XE 17.4.1 or Viptela 20.4.1 or later for active/active tunnel pairs |
| Cisco ASA * Configure Tunnels with Cisco Adaptive Security Appliance (ASA) | Cisco ASA v9.8 |
| Cisco ASA in CDO * Configure Tunnels Automatically with Cisco ASA and CDO | Cisco ASA v9.1.2+ |
| Cisco FTD * Configure Tunnels with Cisco Secure Firewall | 6.4+ ( 6.7 when using VTI) |
| Cisco Meraki MX Configure Tunnels with Meraki MX – Option 1 Configure Tunnels with Meraki MX – Option 2 | 15.3 |
Unsupported Network Devices for Setting Up IPsec Tunnels
Umbrella provides a series of guides for configuring and deploying IPsec tunnels in network devices, which are not supported by Umbrella. If you have a device that isn’t supported, we may not be able to provide assistance in using the device to establish a tunnel to Umbrella.
- Configure Tunnels with Alibaba Cloud IPsec
- Configure Tunnels with Azure IPsec
- Configure Tunnels with AWS IPsec
- Configure Tunnels with Fortinet IPsec
- Configure Tunnels with Google Cloud Platform (GCP) IPsec
- Configure Tunnels with Oracle IPsec
- Configure Tunnels with Palo Alto IPsec
- Configure Tunnels with Palo Alto Prisma SDWAN
- Configure Tunnels with Silver Peak
- Configure Tunnels with Sophos XG IPsec
Note: Since AWS Site-to-Site VPN cannot disable PFS, it is incompatible with Umbrella.
Manage Tunnels < Check Device Compatibility > Add Network Tunnel Identity
Updated 12 months ago