Umbrella VA

What is Umbrella VA and how does it work? 🤔

Umbrella virtual appliances (VAs) are lightweight virtual machines that are compatible with VMware ESX/ESXi, Windows Hyper-V, and KVM hypervisors, and with the Microsoft Azure, Google Cloud Platform, and Amazon Web Services cloud platforms. When used as conditional DNS forwarders on your network, Umbrella VAs record the internal IP address information of DNS requests for use in reports, security enforcement, and category filtering policies. Additionally, VAs encrypt and authenticate DNS data for enhanced security.

VAs also enable Active Directory (AD) integration, which expands the VAs' functionality to include AD identity information in addition to internal IP address visibility and DNS encryption.

Umbrella Virtual Appliances (VAs) run on the Ubuntu operating system, which is a Linux distribution based on Debian. Not all commands normally available in Linux are available to clients from the VA's "Configuration Mode" command line. Instead, VAs use a restricted shell environment that provides a series of troubleshooting/diagnostic commands as well as configuration commands to change the relevant settings on the VAs.

Note: Two virtual appliances (VAs) are required per Umbrella site. It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.

VAs act as conditional DNS forwarders in your network, intelligently forwarding public DNS queries to Cisco Umbrella's global network, and local DNS queries to your existing local DNS servers and forwarders. Every public DNS query sent to Umbrella is encrypted, authenticated, and includes the client's internal IP address.

The VAs don't cache DNS records; a DNS record's TTL set by the authoritative DNS servers is simply respected by the endpoints as normal. The VAs add a seamless and ultra-low latency layer to your local DNS infrastructure.
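The conditional-forwarding decision described above can be sketched as follows. This is an added illustration, not Cisco's code: the zone list, the upstream labels `local-dns` and `umbrella`, and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample zones; a real deployment lists its own internal domains.
LOCAL_DOMAINS = ["corp.example.com", "10.in-addr.arpa"]


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def is_local(qname, local_domains=LOCAL_DOMAINS):
    """True if qname equals a local zone or is a subdomain of it.

    Matching is done on whole labels: 'evilcorp.example.com' must not match
    'corp.example.com' merely because the two strings share a suffix.
    """
    labels = normalize(qname).split(".")
    for zone in local_domains:
        zone_labels = normalize(zone).split(".")
        if len(labels) >= len(zone_labels) and labels[-len(zone_labels):] == zone_labels:
            return True
    return False


def route_query(qname, client_ip, local_domains=LOCAL_DOMAINS):
    """Return the forwarding decision for one DNS query (hypothetical record)."""
    client = ipaddress.ip_address(client_ip)  # raises ValueError on bad input
    if is_local(qname, local_domains):
        # Internal names stay on the existing local DNS servers.
        return {"upstream": "local-dns", "qname": normalize(qname)}
    # Public names go to Umbrella: encrypted, with the client's internal IP.
    return {
        "upstream": "umbrella",
        "qname": normalize(qname),
        "encrypted": True,
        "client_ip": str(client),
    }
```

A plain string-suffix comparison in place of the label comparison would send look-alike public names to the internal resolvers, so the boundary check is the part worth testing when maintaining a local-domains list.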

