In the context of virtual appliances (VAs), Umbrella sites represent the physical location of your network, and specifically the internet egress point—the DNS egress point.
Each egress requires separate VAs. For more information, see Deploy Virtual Appliances.
Having separate Umbrella sites is important for identifying the physical location of the VAs, the association of network traffic, and logical automatic updating of the VAs.
- Before You Begin
- Manage Umbrella Sites
- Internal Networks
If you intend to implement Active Directory integration, in addition to Umbrella virtual appliances (VAs), see Connect Multiple Active Directory Domains to Umbrella. Use cases and guidelines differ slightly.
Sites and VAs are only required for DNS-based deployments. When using an Umbrella Cloud-Delivered Firewall (CDFW) deployment alone, sites and VAs are not required.
If you are deploying VAs at multiple locations and if the internal IP space of each site location overlaps or is shared, you must set up multiple Umbrella sites. For each office with VAs, a separate Umbrella site can be added to group VAs together with a label. Note that you must do this when the IP space overlaps.
- Navigate to Deployments > Configuration > Sites and Active Directory.
- Hover over a Site and then click the Edit icon. The Site modal appears.
- From the Site pulldown menu, choose a site, and click Save.
The IP address is utilized in Umbrella reports and analytics, and is used when creating policies for security and category filtering. For more information about policies, see Manage DNS Policies and Manage the Web Policy.
Each Internal Network must be associated with either a Site, Network, or Network Tunnel depending on your Umbrella deployment method.
For use with Umbrella Virtual Appliances to identify DNS traffic based on the internal source IP.
For use with Umbrella Secure Web Gateway to identify web requests based on the internal source IP. Requires a proxy chaining configuration with X-Forwarded-For headers enabled. See the Manage Proxy Chaining documentation for more information.
For use with Umbrella Secure Web Gateway features to identify web traffic based on the internal source IP. Requires a Network Tunnel (IPSec) connection to Umbrella. See the Network Tunnel Configuration documentation for more information.
Adding an IP address or range of IP addresses to Umbrella creates a new "Identity" from which traffic can be identified and filtered.
- Navigate to Deployments > Configuration > Internal Networks and click Add.
- Enter a Name for the internal network and an IPv4 Address or address range.
- Select Site, Network, or Network Tunnel for Internal Network Association.
- From the dropdown menu, choose a site, network, or network tunnel to associate with this internal network.
Note: If you are associating an internal network with a network tunnel, you can choose a specific network tunnel or associate it with all of your tunnels.
- If you have endpoints with IPv6 addresses in a site, you can add them to the network. Select This network has an IPv6 address and enter the IPv6 address for the network.
Note: Umbrella does not support IPv6 addresses for networks or network tunnels associated with Internal Networks.
Note: Umbrella supports only dual-stack networks. An IPv6 network must co-exist with an IPv4 network, and you cannot create an IPv6-only network.
Updated 19 days ago