DNS Security over Cisco SDWAN: Cisco SDWAN Integration with Cisco Umbrella
Today I am going to talk about the Cisco Viptela SDWAN and Cisco Umbrella integration. Earlier articles covered Cisco SDWAN components, secure segmentation, ZTP, the zero trust model, application-aware routing and many more. In this article I am going to discuss Cisco Umbrella and its integration with Cisco SDWAN.
Once you have added the DNS policy, it is shown as a template in vManage (the Cisco SDWAN orchestration dashboard).
With the DNS security policy, you can configure your devices with the additional template in vManage and attach that template to the device as per the normal process.
Cisco Umbrella
As many of you know, Cisco Umbrella is the first line of defense for any network: it is a DNS-layer security service that takes feeds from Cisco Talos in order to understand website reputation.
The main purpose of Cisco Umbrella is to keep your network away from malicious URLs. Cisco Umbrella now also has full proxy features for deeper visibility and control of web traffic.
Fig 1.1- Cisco SDWAN integrated with Cisco Umbrella
In order to integrate Cisco Umbrella with Cisco SDWAN, you first need to create the API keys in Cisco Umbrella.
Log in to Cisco Umbrella > Admin > API Keys > Generate API Key, and choose one of these four options (Umbrella Network devices | Legacy Network devices | Umbrella reporting | Umbrella Management).
Fig 1.2- Cisco Umbrella API key- Token
As shown in the image above, I generated the Cisco Umbrella API key token for the Legacy devices, which include Cisco ISR, vEdges and other devices.
vManage on Cisco SDWAN
Under CONFIGURATION | SECURITY, choose the Custom Options drop-down list at the top right corner, and then select Umbrella API token. Then, under CONFIGURATION | SECURITY, select Add Security Policy and choose a scenario that fits your use case (e.g. custom).
Enter your Umbrella registration token, as shown in the image:
Fig 1.3- Cisco vManage
Now navigate to DNS Security, select Add DNS Security Policy and then select Create new.
Fig 1.4- DNS Policy on Cisco SDWAN vManage
Fig 1.5- DNS Policy added
On the DNS Security tab of your policy, you see a configuration similar to this image:
Fig 1.6- DNS Security Policy
To check the Umbrella template on the vEdges, use the commands below:
NDNA_vEdge# show run | sec parameter-map type umbrella
NDNA_vEdge# show umbrella config
NDNA_vEdge# show platform hardware qfp active feature umbrella client config
To check that the device is registered with Cisco Umbrella:
NDNA_vEdge# show umbrella deviceid
NDNA_vEdge# show platform hardware qfp active feature umbrella datapath stats
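The registration check above can be automated once the `show umbrella deviceid` output has been collected from each vEdge. The following Python is an added example, not part of the original article: it parses a constructed sample of that output and reports every VRF that did not register. The column layout (columns separated by two or more spaces), the VRF numbers, tags, status strings and device IDs are assumptions; adjust the parser to what your software release prints.

```python
import re

# Constructed sample of `show umbrella deviceid` output. The column layout
# is an assumption; VRFs, tags, statuses and device IDs are made up.
SAMPLE_OUTPUT = """\
NDNA_vEdge# show umbrella deviceid
Device registration details
VRF             Tag             Status              Device-id
1               vpn1            200 SUCCESS         010a0b0c0d0e0f01
10              vpn10           401 UNAUTHORIZED    -
20              vpn20           UNKNOWN
"""


def parse_deviceid(output):
    """Return one dict per VRF row; prompt, title and header lines are skipped."""
    rows = []
    for line in output.splitlines():
        fields = re.split(r"\s{2,}", line.strip())  # columns: 2+ spaces apart
        if len(fields) < 3 or not fields[0].isdigit():
            continue
        device_id = fields[3] if len(fields) > 3 else ""
        rows.append({"vrf": int(fields[0]), "tag": fields[1],
                     "status": fields[2], "device_id": device_id})
    return rows


def unregistered(rows):
    """Rows whose status is not 200 SUCCESS or that carry no device ID."""
    return [r for r in rows
            if r["status"] != "200 SUCCESS" or r["device_id"] in ("", "-")]


def report(output):
    """Return (ok, messages); ok is False if nothing parsed or any VRF failed."""
    rows = parse_deviceid(output)
    if not rows:
        return False, ["no registration rows found; is the DNS policy attached?"]
    bad = unregistered(rows)
    msgs = [f"VRF {r['vrf']} ({r['tag']}): {r['status']}" for r in bad]
    return not bad, msgs


if __name__ == "__main__":
    ok, msgs = report(SAMPLE_OUTPUT)
    print("all VRFs registered" if ok else "registration problems:")
    for m in msgs:
        print("  " + m)
```

A VRF that shows no device ID is not being protected by the DNS policy, so an empty result is treated as a failure rather than as success.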