Meraki

Community

Umbrella Integration Question

Solved
Willrockhopper
Here to help
53m ago
53m ago

Umbrella Integration Question

I'm currently testing Cisco Umbrella integration with a couple of our Meraki networks and want to clarify one thing.

 

If I use the API key integration to apply the Umbrella policies at the MX and MR levels, do I still need to manually update the MX WAN uplink DNS addresses to the Umbrella ones, or this is only designed for non-Cisco devices which can't be integrated via API.

 

Basically I'm just not sure if the devices on the network will have their DNS routed through Umbrella if I don't manually change the MX's primary DNS addresses if that makes sense.

 

Labels:
0 Kudos
1 Accepted Solution
RWelch
Kind of a big deal
Kind of a big deal
46m ago
46m ago

Without manually updating the MX WAN uplink, Meraki intercepts the DNS query and attaches an identifier to identify which Umbrella policy this request should be checked against.

Ensure that bi-directional UDP 443 traffic is allowed to the Umbrella endpoint of 208.67.220.220/32.

Manually Integrating Cisco Umbrella with Meraki Networks 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

3 Replies 3
RWelch
Kind of a big deal
Kind of a big deal
46m ago
46m ago

Without manually updating the MX WAN uplink, Meraki intercepts the DNS query and attaches an identifier to identify which Umbrella policy this request should be checked against.

Ensure that bi-directional UDP 443 traffic is allowed to the Umbrella endpoint of 208.67.220.220/32.

Manually Integrating Cisco Umbrella with Meraki Networks 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
RWelch
Kind of a big deal
Kind of a big deal
17m ago
17m ago

UmbrellaIntegration.png

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Willrockhopper
Here to help
11m ago
11m ago

Great, thanks!

 

I don't suppose there'd be any advantage to doing it the traditional way by specifying the WAN IP and manually adding the Umbrella DNS servers like you would for a non-Cisco router?

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.