Securing Your Network: Cisco Umbrella IPSec Tunnels with Palo Alto Prisma SDWAN

Securing Your Network: Cisco Umbrella IPSec Tunnels with Palo Alto Prisma SDWAN

Palo Alto Prisma SDWAN and Cisco Umbrella provide robust security for your internet-bound traffic. Prisma SDWAN ensures that your application traffic flows securely from branch offices over disparate links to data centers, as well as direct-to-internet flows for SaaS applications and general internet usage.

💻 Table of Content

Cisco Umbrella Tunnels with Palo Alto Prisma SDWAN
Fig 1.1-Cisco Umbrella Tunnels with Palo Alto Prisma SDWAN

1. What is Palo Alto Prisma SDWAN?

Palo Alto Prisma SDWAN (Software-Defined Wide Area Networking) is a cloud-based networking solution that enables enterprises to securely and efficiently connect and manage their branch sites, remote users, and cloud resources.

Prisma SDWAN enables enterprises to optimize their WAN traffic and prioritize key applications by providing end-to-end network visibility, application awareness, and management. It creates a virtual overlay network by combining numerous internet lines and secure VPN tunnels to allow seamless communication between branches, data centers, and cloud services.

Prisma SDWAN also incorporates extensive security features, such as a next-generation firewall and threat prevention capabilities, to safeguard WAN traffic from cyber attacks. It detects and prevents sophisticated attacks in real time using machine learning and behavioral analytics.

The system is cloud-delivered, which means it can be rapidly and simply implemented and is constantly up to date with the most recent security features and fixes. Prisma SDWAN also comes with a centralized management panel, which gives managers a unified view of the network and allows them to setup and administer rules and security settings from a single spot.

2. What is Cisco Umbrella ?

Cisco Umbrella is a cloud-delivered security service that provides protection against internet threats such as malware, phishing, and ransomware. It offers DNS and IP-layer security, which allows it to block requests to malicious domains and IPs before a connection is established.

Cisco Umbrella works by redirecting DNS requests to its global network of servers, which perform real-time analysis of the request to determine if it is safe or not. If the request is deemed unsafe, Cisco Umbrella blocks it, preventing the user from accessing the malicious site or downloading malware.

In addition to protecting users from internet threats, Cisco Umbrella also provides visibility into internet activity across an organization's network. It can track internet usage across devices and locations, giving administrators the ability to enforce security policies and prevent unauthorized access.

Cisco Umbrella is designed to be easy to deploy and manage, making it a popular choice for organizations of all sizes. It can be integrated with other Cisco security solutions, such as Cisco Secure Firewall and Cisco Secure Email, to provide comprehensive security coverage.

3. Palo Alto Prisma SDWAN integration with Cisco Umbrella

Enforced Security Protocols: Per-application policy enforcement of application traffic flows ensures that each application is handled with the appropriate security protocols.

Advanced Threat PreventionCisco Umbrella's advanced threat prevention helps protect organizations from malicious actors, such as malware, ransomware, and phishing.

Proactive ProtectionCisco Umbrella's proactive protection is designed to scan the internet for malicious websites and block them before they reach your network.

4. Configure Tunnel in Cisco Umbrella

Step 1: Navigate to Deployments > Core Identities > Network Tunnels and click Add.

Step 2: Give your tunnel a meaningful name and choose Others from the Device Type drop-down.

Step 3: Select Secure Internet Access for Service Type.

Cisco Umbrella Secure Internet Access
Fig 1.2- Cisco Umbrella Secure Internet Access

Step 4: Select Fully Qualified Domain Name (FQDN) or IP Address/Network for the Authentication Method. Add the Tunnel ID and create a passphrase.

Cisco Umbrella Tunnel to Prisma SDWAN
Fig 1.3-Cisco Umbrella Tunnel to Prisma SDWAN

Step 5: Copy the Tunnel ID and passphrase and save for Configure the Prisma IPsec Profile.

5. Configure Tunnel in Palo Alto Prisma SDWAN

Step 1: In Prisma SDWAN, navigate to Policies > Stacked Policies, click IPsec Profiles, and click Add IPsec Profile.

Step 2: Enter the IKE Group settings to align with Cisco Umbrella's Supported IPsec Parameters and click Next

Step 3: Enter the ESP Group settings to align with Cisco Umbrella's Supported IPsec Parameters and click Next.

Step 4: Set the Authentication Type to None and click Next. Now review and verify the configuration and click Save and Exit.

6. Configure the Prisma Service Endpoint Group

Step 1: In Prisma SDWAN, navigate to Policies > Stacked Policies, click Service & DC Groups, and click Endpoints.

Step 2: Select Standard VPN from the Prisma SDWAN drop-down.

Step 3: Click Add Endpoint, enter a meaningful name and optional description, and then click IPs & Hostnames.

Step 4: Enter the Cisco Umbrella IPsec head-end IP(s) that are desired for this endpoint. Click Done and Save & Exit.

Step 5: In the Groups tab, click Add and select Standard VPN.

7. Configure the IPsec Tunnel

Step 1: In Prisma SDWAN, navigate to Map > Claimed Devices, and click the device where the IPsec tunnel will be configured.

Step 2: Click the Interface configuration tab, click the "+" icon to add an interface, select Standard VPN, and then click Add.

Step 3: Configure the tunnel with Name, Interface Type, Standard VPN Type, Parent Interface, Inner Tunnel IP Address/Mask, Endpoint and IPSec Profile

Step 4: Add IPsec Authentication like Type, Secret, Local ID Type. Click Done and then click Create Standard VPN.

8. Configure the Prisma Path Policy

Step 1: In Prisma SDWAN, navigate to Policies > Stacked Policies, click Path, select Path Sets and click Add Set.

Step 2: Click on the newly created policy set and click Add Rule.

Step 3: Click the Apps tab and select app to be forwarded to Cisco Umbrella for enforcement. By default, if no applications are selected then all traffic will be routed to Cisco Umbrella

Step 4: Click the Paths tab, select Standard VPN from the Overlay drop-down and Any Public from the Circuit Category drop-down.

Step 5: Click the Service & DC Groups tab and choose the group created as Prisma SDWAN Service Endpoint Group.

Step 6: Verify the configuration in the Summary tab and click Save & Exit.

9. Conclusion

By integrating Cisco Umbrella with Prisma SDWAN, organizations can benefit from DNS-layer security and IP-layer security, which protects against malware, phishing, and ransomware. This integration also provides end-to-end network visibility, application awareness, and control, allowing organizations to optimize their WAN traffic and prioritize critical applications.

When these two technologies are combined, enterprises may obtain a greater degree of security and performance across their network, whether they are connecting to cloud resources or branch sites. Both Cisco Umbrella and Prisma SDWAN are cloud-based systems that are simple to implement, expand, and maintain.

Finally, Cisco Umbrella Tunnel with Prisma SDWAN is a robust solution that offers sophisticated security and networking features to businesses of all sizes. Organizations may use this solution to secure their networks from cyber attacks, increase network performance, and obtain useful insights into their network traffic.

Continue Reading...