Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX with Umbrella

Solved
chuffin
Conversationalist
‎Sep 13 2022 5:24 AM
‎Sep 13 2022 5:24 AM

MX with Umbrella

Hi, Been trying to read through various documents, but not quite fully understood this all yet.

 

1) When MX is integrated with Umbrella, is this effectively offloading the advanced security to Umbrella cloud?

2) Do you actually still need Advanced Security license if using Umbrella? Not certain, but I believe this needs Umbrella SIG Essentials but not sure about the Meraki license aspect?

3) For the AnyConnect client setup (for offline protection), is the umbrella module managed via the Meraki dashboard (similar in the way we can turn this on in an ASA policy) or is this managed outside of the Meraki Dashboard?

 

Many thanks.

0 Kudos
Subscribe
1 Accepted Solution
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Sep 13 2022 12:10 PM
‎Sep 13 2022 12:10 PM

1) Yes, you could see it this way. MX is simply building up an AutoVPN tunnel to Umbrella where global intelligence, SSL decryption etc. take place.

2) Strictly speaking, you don't need Advanced Security on the Meraki side of things, but to be able to have a "real" SASE setup including local internet breakout for things like Microsoft 365, you'll even want to use the SD-WAN Plus license on Meraki.

Umbrella SIG Essentials would be the "low-end" license on Umbrella, but won't give you things like L7 firewalling, IPS, DLP and so on.

3) The AC Umbrella Module is managed by Umbrella itself. 🙂

View solution in original post

Subscribe
3 Replies 3
Brash
Kind of a big deal
Kind of a big deal
‎Sep 13 2022 5:58 AM
‎Sep 13 2022 5:58 AM

Don't have a heap of experience with Umbrella but to answer a few of the questions:

1. I believe rather than offload, Umbrella is another layer on top of Meraki's content filtering, IPS and other security features.

2. An Advanced Security license is required for umbrella integration feature with the MX.

0 Kudos
Subscribe
In response to Brash
chuffin
Conversationalist
‎Sep 13 2022 7:58 AM
‎Sep 13 2022 7:58 AM

I agree it is another layer of protection in some elements, but from what I can tell a lot of it is essentially replication of what Advanced Security gives anyway, and Umbrella maybe adding the visibility, reporting and SIG side. Unless I'm misunderstanding this.

 

If Advanced Security license is still required for Umbrella, it feels a bit like paying twice, but we just have to try and sell it to the customer in the right way I guess.

0 Kudos
Subscribe
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Sep 13 2022 12:10 PM
‎Sep 13 2022 12:10 PM

1) Yes, you could see it this way. MX is simply building up an AutoVPN tunnel to Umbrella where global intelligence, SSL decryption etc. take place.

2) Strictly speaking, you don't need Advanced Security on the Meraki side of things, but to be able to have a "real" SASE setup including local internet breakout for things like Microsoft 365, you'll even want to use the SD-WAN Plus license on Meraki.

Umbrella SIG Essentials would be the "low-end" license on Umbrella, but won't give you things like L7 firewalling, IPS, DLP and so on.

3) The AC Umbrella Module is managed by Umbrella itself. 🙂

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.