![]() When users access the internet from your offices, they are behind a NAT, so they all appear to come from the same IP address. I haven’t even mentioned the benefits from a security point of view, which would require an article in itself.Ĭhanging the forwarders by itself it great, but you can probably already see some holes in the strategy. Once you see the dashboard and how easy it is to use, you’ll wonder why you still use your on-premise device, when this is clearly so much easier to use, while reducing complexity and points of failure in your corporate network. If you change these forwarders to Cisco Umbrella servers, you have just gained a ton of visibility into your corporate network traffic, seeing where people are going on the internet, and having the ability to white list and blacklist sites with ease. Most companies use either the forwarders specified from their ISP, or they use the google DNS servers: 8.8.8.8 and 8.8.4.4. If it doesn’t, it will send it to the configured DNS Forwarders…external DNS servers that can resolve internet addresses. ![]() If you try to resolve the name ‘’ and your DNS server managing has the record for it, then it responds with that IP address and you get a response. Your client computers get a DHCP address assigned with your internal DNS servers specified for name resolution. You are probably using Microsoft Active Directory and DNS. If you just wanted to filter URLs, you don’t even need to determine the who, just white list and blacklist specific URLs.Ĭhange DNS Forwarders - The Easiest way to start using Cisco Umbrella Basically you are trying to send DNS requests to Umbrella and ideally, determine who is trying to go there and from which device. ![]() There are a few deployment scenarios for Cisco Umbrella, depending on your what you are trying to accomplish. This article is more about the deployment of Cisco Umbrella in our environment, so I won’t go on with all the numerous other benefits of Umbrella, suffice it to say that I am a believer in the product, and it was an enormous improvement over our previous solution. I’ve even seen an appliance set to ‘fail-open’ that should pass traffic even if the device were dead, but failed to do so when needed. Or a company will have redundant ISPs but ALL traffic goes through a single appliance, creating a single point of failure. I’ve seen it several times where the security/URL filtering appliance was only in-line when running on the primary ISP connection. No matter the vendor, administration tasks are more complicated than they should be, and they always add a little complexity and more points of failure in the environment. I’ve had to support on-premise solutions for URL filtering in the past and in my opinion, there are no good ones. If you don’t have Cisco Umbrella (Formerly OpenDNS) in your environment yet, you should really take a look at it. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |