MX with Umbrella

SOLVED
chuffin
Conversationalist

MX with Umbrella

Hi, Been trying to read through various documents, but not quite fully understood this all yet.

 

1) When MX is integrated with Umbrella, is this effectively offloading the advanced security to Umbrella cloud?

2) Do you actually still need Advanced Security license if using Umbrella? Not certain, but I believe this needs Umbrella SIG Essentials but not sure about the Meraki license aspect?

3) For the AnyConnect client setup (for offline protection), is the umbrella module managed via the Meraki dashboard (similar in the way we can turn this on in an ASA policy) or is this managed outside of the Meraki Dashboard?

 

Many thanks.

1 ACCEPTED SOLUTION
CptnCrnch
Kind of a big deal

1) Yes, you could see it this way. MX is simply building up an AutoVPN tunnel to Umbrella where global intelligence, SSL decryption etc. take place.

2) Strictly speaking, you don't need Advanced Security on the Meraki side of things, but to be able to have a "real" SASE setup including local internet breakout for things like Microsoft 365, you'll even want to use the SD-WAN Plus license on Meraki.

Umbrella SIG Essentials would be the "low-end" license on Umbrella, but won't give you things like L7 firewalling, IPS, DLP and so on.

3) The AC Umbrella Module is managed by Umbrella itself. 🙂

View solution in original post

3 REPLIES 3
Brash
Head in the Cloud

Don't have a heap of experience with Umbrella but to answer a few of the questions:

1. I believe rather than offload, Umbrella is another layer on top of Meraki's content filtering, IPS and other security features.

2. An Advanced Security license is required for umbrella integration feature with the MX.

chuffin
Conversationalist

I agree it is another layer of protection in some elements, but from what I can tell a lot of it is essentially replication of what Advanced Security gives anyway, and Umbrella maybe adding the visibility, reporting and SIG side. Unless I'm misunderstanding this.

 

If Advanced Security license is still required for Umbrella, it feels a bit like paying twice, but we just have to try and sell it to the customer in the right way I guess.

CptnCrnch
Kind of a big deal

1) Yes, you could see it this way. MX is simply building up an AutoVPN tunnel to Umbrella where global intelligence, SSL decryption etc. take place.

2) Strictly speaking, you don't need Advanced Security on the Meraki side of things, but to be able to have a "real" SASE setup including local internet breakout for things like Microsoft 365, you'll even want to use the SD-WAN Plus license on Meraki.

Umbrella SIG Essentials would be the "low-end" license on Umbrella, but won't give you things like L7 firewalling, IPS, DLP and so on.

3) The AC Umbrella Module is managed by Umbrella itself. 🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels