Meraki

Shadius · ‎Mar 12 2022

Hi all,

I would like to know how to remove Cisco Umbrella from a Meraki network.

I want to be sure that anything that was previously linked or had anything to do with Cisco Umbrella is totally gone from the network/organization.

How can I achieve this?

PhilipDAth · ‎Mar 12 2022

It can be linked in several places. Off the top of my head:

Check if DHCP is using Cisco Umbrella, Security & SD-WAN/DHCP
Check if you have integrated with the Umbrella API
https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Manually_Integrating_...
Check if you are using MR Advanced:
https://documentation.meraki.com/MR/Other_Topics/Cisco_Meraki_and_Umbrella_Integration_-_MR_Advanced
Check if you are using Cloud Onramp.
https://documentation.meraki.com/MX/Meraki_Umbrella_SDWAN_Connector/Deployment_Guide

Shadius · ‎Mar 12 2022

So I've removed the integration with the Umbrella API and the Cloud On-Ramp.

Not using MR.

Would those be the only places to check to make sure I'm 100% Umbrella-free?

PhilipDAth · ‎Mar 12 2022

You need to check DHCP as well (if the MX is doing DHCP).

Shadius · ‎Mar 12 2022

Thanks @PhilipDAth

The MX is not running DHCP. We run DHCP from our Windows Domain Controller(s).

DarrenOC · ‎Mar 12 2022

Hi @Shadius , mind if I ask why the need to remove Umbrella? Replacing with another solution?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

PhilipDAth · ‎Mar 12 2022

I've had zero issues with clients on 16.16.

As a test, try turning off threat protection to see if the issue goes away. If it does, turn it back on again and look for which signature is firing. Then you can either address the vulnerability it is detecting, or whitelist it to ignore the IPS signature.

Shadius · ‎Mar 12 2022

So I thought everything was working fine when we deployed Cisco Umbrella, but something seems to have gotten screwed up. We have a fiber connection and now the speeds have dropped from 1000Mbps to 100Mbps and somehow we're having issues with Outlook.

So I'd like to just return the network pre-Umbrella for now until I can figure out where I went wrong.

CptnCrnch · ‎Mar 13 2022

100 Mbps seems quite odd. Currently, tunnels to Umbrella are limited to 250Mbps, so you'll not see your fiber connection using its full capability.

Outlook issues? Have you excluded M365 services from your Web Policies?

Policies -> Web Policy -> Global Settings -> M365 Compatibility

Shadius · ‎Mar 14 2022

So even with Umbrella enabled, we'd be losing speeds?

Then Umbrella might not be worthwhile if it would mean us not getting our fiber speeds that we're paying for.

CptnCrnch · ‎Mar 14 2022

Guess I should get into more detail here:

The current limit is 250Mbps, you could get in touch with your sales rep as it can be uplifted to 500Mbps (depending on your sizing).

If you want to leverage the full speed of your fiber connection, you can additionally use more than one tunnel, by using Traffic Shaping you would at least achieve that.

Shadius · ‎Mar 14 2022

Very interesting and a bit concerning.

We definitely don't want to lose any speeds with our fiber connection.

Any documentation you can point me to so I can dig into this a bit more?

CptnCrnch · ‎Mar 14 2022

The limitations are mentioned here: https://documentation.meraki.com/MX/Meraki_Umbrella_SDWAN_Connector/Deployment_Guide#Sizing_Consider...

As you always have two seperate tunnels running, you could simply use MX's SD-WAN Policy feature:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#SD-WAN_p...

Meraki

Community

Meraki MX & Cisco Umbrella

Meraki MX & Cisco Umbrella