The Umbrella User Guide Developer Hub

Welcome to the Umbrella User Guide developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella User Guide as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Automatic: vEdge & cEdge

Introduction

Cisco Umbrella auto tunnel support on SD-WAN-enabled WAN Edge routers enables redirection of Secure Internet Gateway (SIG) traffic to the nearestUmbrella Data Center. Auto tunnel supports:

  • WAN Edge routers (ISR4K/1K, CSR1000v, ISRv, vEdge)
  • Cisco Umbrella SIG

Prerequisites

  • IPsec Tunnels (one primary and one secondary tunnel recommended for ISP redundancy).
  • IOS-XE 17.2.1 or Viptela 20.1 or later.
  • A Management API Key and Secret (generated from the Umbrella Dashboard)
  • You must enable NAT in the vEdge feature template that faces the internet.

Known Limitations

  • ECMP is not available when multiple tunnels are configured

Configuration

Configure a SIG feature template

  1. In vManage, navigate to Configuration > Templates > Feature > Add Template.
  2. Select Cisco Secure Internet Gateway, then Configure a Primary & Secondary Tunnel.

Configure a SIG Credentials Template

  1. In vManage, navigate to Configuration > Templates > Feature > Add Template.
  2. Select Cisco SIG Credentials, then enter your Organization ID, Registration Key and Secret (the Umbrella Management API key and secret).

    If Smart Account details are already configured in vManage settings, click Get Keys.

Configure Traffic redirection to Umbrella SIG

  1. Modify the Service VPN template to include a Service Route to SIG.

Attach SIG Template and SIG Credentials template to the Device Template

  1. Navigate to Device Template > Transport & Management Section.
  2. Add the Cisco Secure Internet Gateway Template , then select the template you created.
  3. Navigate to Device Template > Additional Templates, then add the Sig Credentials Template under Additional Templates.

Configure vManage

  1. In vManage, navigate to Configuration > Templates > Feature > Add Template > Select Device, then select Cisco Secure Internet Gateway.
  1. Enter a template name and description, then click Add Tunnel.
  1. Enter an ipsec interface name and an egress interface as source (this is typically an Internet-facing interface), then click Add.

  2. (Optional): add another tunnel to be a secondary (backup) tunnel. The secondary tunnel is intended to be used only for redundant ISPs.

Configure an Active & Backup in the High Availability section

  1. Designate your primary tunnel as Active.

  2. If you have configured a secondary tunnel, designate it as Backup. Otherwise select None as Backup.

  3. Click Save.

Configure Smart Account Credentials in vManage (optional)

  1. In vManage, navigate to Administration > Settings.

  2. Enter your credentials, then click Save.

Configure SIG Credentials Template

  1. In vManage, navigate to Configuration > Templates > Feature > Add Template > Select Device, then select Cisco SIG Credentials.
  1. If your Smart Account Credentials are configured, click Get Keys. If your Smart Account Credentials are not configured, enter your Org ID, Management API registration key and secret (to obtain these, navigate to Admin->API Key->Management APIs in the Umbrella dashboard). For more information, refer to the Management API Keys documentation.

Configure Traffic redirection to SIG

  1. Edit the Service VPN template to include a “Service Route” to SIG for 0.0.0.0/0

Attach SIG Template to the Device Template

  1. In vManage, navigate to Configuration > Templates > Device Template. Select a Device Template, to Edit.
  1. Under Additional Templates, Select the Cisco Sig Credentials template, then select the template you created in the previous step.

After a device template is applied to the device, internet-bound traffic is redirected to the Umbrella SIG data center.

Configure a Network Identity in Umbrella

  1. Refer to Add a Network Identity.

Configure Umbrella SIG Cloud Firewall Policy

  1. Refer to Add a Firewall Policy.

Configure Umbrella SIG Web Policy

  1. Refer to Add a Web Policy.

Additional Information

Refer to Best Practices Web Policies for more information.

Refer to Getting Started with Reports for information about monitoring your Umbrella SIG policies.


Manual: cEdge](doc:manual-cedge) < Automatic: vEdge & cEdge* > Manual: Cisco ASA](doc:add-a-tunnel-cisco-asa) : vEdge & cEdge

Updated 17 days ago

Automatic: vEdge & cEdge


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.