The Umbrella User Guide Developer Hub

Welcome to the Umbrella User Guide developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella User Guide as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Sites and Internal Networks

Before You Begin

If you intend to implement Active Directory integration, in addition to Umbrella virtual appliances (VAs), see Appendix B – Multiple Active Directory and Umbrella Site. Use cases and guidelines differ slightly.

Sites/VAs are only required for DNS-based deployments. When using an Umbrella Cloud-Delivered Firewall (CDFW) deployment alone, sites/VAs are not required.

In the context of virtual appliances (VAs), Umbrella sites represent the physical location of your network, and specifically the internet egress point—the DNS egress point.

Each egress requires separate VAs. For more information, see Deploy Virtual Appliances.

Having separate Umbrella sites is important for identifying the physical location of the VAs, the association of network traffic, and logical automatic updating of the VAs.

Manage Umbrella Sites

If you are deploying VAs at multiple locations and if the internal IP space of each site location overlaps or is shared, you must set up multiple Umbrella sites. For each office with VAs, a separate Umbrella site can be added to group VAs together with a label. Note that you must do this when the IP space overlaps.

  1. Navigate to Deployments > Configuration > Sites and Active Directory**.
  1. Hover over a Site and then click the Edit icon. The Site modal appears.
  1. From the Site pulldown menu, choose a site, and click Save.

Introduction to Internal Networks

The IP address is utilized in Umbrella reports and analytics, and is used when creating policies for security and category filtering. For more information about policies, see Manage DNS Policies and Manage the Web Policy.

Internal Network Associations

Each Internal Network must be associated with either a Site, Network, or Network Tunnel depending on your Umbrella deployment method.

Site

For use with Umbrella Virtual Appliances to identify DNS traffic based on the internal source IP.

Network

For use with Umbrella Secure Web Gateway to identify web requests based on the internal source IP. Requires a proxy chaining configuration with X-Forwarded-For headers enabled. See the Manage Proxy Chaining documentation for more information.

Network Tunnel

For use with Umbrella Secure Web Gateway features to identify web traffic based on the internal source IP. Requires a Network Tunnel (IPSec) connection to Umbrella. See the Network Tunnel Configuration documentation for more information.

Manage Internal Networks

Adding an IP address or range of IP addresses to Umbrella creates a new "Identity" from which traffic can be identified and filtered.

  1. Navigate to Deployments > Configuration > Internal Networks and click Add.
  1. Enter a name for the internal network and an IPv4 address or address range.
  1. Select Site, Network, or Network Tunnel for Internal Network Association.
  1. From the dropdown menu, choose a site, network, or network tunnel to associate with this internal network.
    Note: If you are associating an internal network with a network tunnel, you can choose a specific network tunnel or associate it with all of your tunnels.

Reroute DNS < Sites and Internal Networks > Updates

Updated 2 months ago

Sites and Internal Networks


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.