Manage the Firewall Policy

Umbrella's cloud-delivered firewall (CDFW) provides firewall services without the need to deploy, maintain, and upgrade physical or virtual appliances at a site. The Umbrella CDFW supports visibility and control of internet traffic across branch offices. Umbrella logs all network activity and blocks unwanted traffic using IP, port, and protocol rule criteria.

The firewall policy describes the active configuration of the Umbrella CDFW and Intrusion Prevention System (IPS). You can create any number of rules in a firewall policy to control the traffic in your networks. Within a firewall policy, configure the Umbrella IPS settings to detect or block threats and attacks. For more information about creating a rule in a firewall policy, see Add a Firewall Rule.

Note: You can configure various communication protocols in a firewall policy rule. The CDFW filters and controls traffic sent over TCP, UDP, and ICMP. The CDFW does not support the Session Initiation Protocol (SIP).

To forward traffic to Umbrella, establish an IPsec (Internet Protocol Security) IKEv2 (Internet Key Exchange, version 2) tunnel from any network device. Then, deploy the network tunnel in Umbrella and add the tunnel to an Umbrella firewall policy. As you add new tunnels to a firewall policy, Umbrella automatically applies and consistently enforces the rules defined in the policy. For more information about configuring network tunnels, see Network Tunnel Configuration.

Note: An Umbrella firewall policy only applies to traffic sent from a network tunnel.


RFC 1918

The Umbrella cloud-delivered firewall (CDFW) expects an RFC 1918 IP address as the source IP address for outbound packets. If you use routable IP addresses on your internal network, you must contact Umbrella Support and provide the range of IP addresses that you use. Without this information, Umbrella cannot determine the IP address and may drop packets. For information about address allocation and private networks, see RFC 1918.
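As an added example (not Umbrella tooling or code from this documentation), the following Python sketch audits the source subnets behind a tunnel and lists any portion that falls outside RFC 1918, which is the range you would need to provide to Umbrella Support. The function names and the sample subnets are constructed for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918. These are listed explicitly
# because ipaddress's is_private also returns True for other special ranges
# (for example 127.0.0.0/8 and 169.254.0.0/16), which are not RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def non_rfc1918_parts(cidr):
    """Return the portions of `cidr` outside RFC 1918, as a sorted list of networks."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects CIDRs with host bits set
    if net.version != 4:
        raise ValueError("RFC 1918 covers IPv4 only: %s" % cidr)
    pieces = [net]
    for block in RFC1918:
        remaining = []
        for piece in pieces:
            if piece.subnet_of(block):
                continue  # entirely private, nothing to report
            if block.subnet_of(piece):
                # Subnet straddles the private block: keep only the rest.
                remaining.extend(piece.address_exclude(block))
            else:
                remaining.append(piece)  # CIDR blocks either nest or are disjoint
        pieces = remaining
    return sorted(ipaddress.collapse_addresses(pieces))


def ranges_to_report(source_subnets):
    """Map each subnet to its non-RFC 1918 portions; fully private subnets are omitted."""
    report = {}
    for cidr in source_subnets:
        parts = non_rfc1918_parts(cidr)
        if parts:
            report[cidr] = [str(p) for p in parts]
    return report


if __name__ == "__main__":
    # Constructed sample: subnets assumed to sit behind one network tunnel.
    sample = ["10.20.0.0/16", "192.168.0.0/15", "203.0.113.0/24"]
    for subnet, outside in ranges_to_report(sample).items():
        print("%s -> outside RFC 1918: %s" % (subnet, ", ".join(outside)))
```

A subnet that only partly overlaps a private block, such as the constructed 192.168.0.0/15, is reported for the non-private remainder only.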

