Cisco Secure Connect with existing Umbrella and Meraki Customers

mekhan19
New here

Hi All,

We are an existing Meraki and Umbrella customer; however, we are confused as to how to migrate to SSE. I can see the Secure Connect dashboard but am not sure what happens to the Umbrella policies and dashboard.

What should be a seamless way to migrate DNS policies, or how will the DNS policy from Umbrella talk to Secure Connect? As per the documentation, Cisco Secure Connect uses SAML, but my Umbrella is using VA with on-prem AD.

Can we do the Secure Connect and SAML integration, and how will users migrate and behave?

How will DNS protection behave, as it is already covered under Umbrella?

Is there an impact if we integrate Umbrella with CSC where Umbrella is integrated with VA for internal DNS resolution?

alemabrahao
Kind of a big deal

To be honest I don't know the answer, but I believe these two links can help you.

Customers with both Meraki and Umbrella Organizations - Cisco Meraki Documentation

Cisco Secure Connect Foundation Meraki SD-WAN Integration - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
mekhan19
New here

Thanks @alemabrahao

I am aware of the links; they only talk about integrations. However, there is no concise explanation or steps for existing DNS policies with VAs and how that works with SAML.

ChristopherR
Here to help

Hi,

If you're using the VA, this will only be applicable for DNS policies in Umbrella.

Now with Secure Connect, you have a way to easily route all traffic (i.e. tunnels, web) to Umbrella for additional inspection. SAML can be used for identity for policies for web traffic.

You should have a bit of flexibility now, including:

- setting up DNS policies by SSID on APs

- configuring DNS policies by AD user/group using the VAs you've already configured

- setting up web policies for users on SAML ID after configuring your MXes to send all traffic to Umbrella through the "sites" interface via Secure Connect

If you are considering sending all the traffic to Umbrella for inspection and using SAML, then the VAs may no longer be needed in your environment. You may also have segments in your network where you want to configure DNS policies for AD users/groups, and the VAs may be useful here.

If you're using the VAs for internal domain resolution, and using the MR/MX Umbrella integration (https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_...), you'll want to make sure you include your internal domains in the appropriate location so they aren't sent to Umbrella for resolution.

 

Hope this helps!

mekhan19
New here

Hi, the problem is Umbrella is already integrated with on-prem AD and we added Umbrella to Cisco Secure Connect.

We successfully tested Cisco Secure Connect with SAML; however, under the users option it is giving an error, as it might be learning through Umbrella via on-prem AD.

Can we remove on-prem AD and integrate Umbrella with Entra ID just like Cisco Secure Connect, or is it not needed?

My concern is, if Cisco Secure Connect can talk to SAML, then will individual integration of Umbrella with on-prem AD cause a conflict?

ChristopherR
Here to help

If you're just looking to have policies for the web traffic for users then I think you could do away with the on-prem AD integration with the VA. The on-prem AD integration will only help for DNS policies at the user/group level. 
