Umbrella and Meraki integration

SOLVED
UCcert
Kind of a big deal

Umbrella and Meraki integration

Morning All

 

Have many carried out this integration as I’m trying to figure out the wherefores and whys?

 

If you’ve already deployed Umbrella to your endpoints why would you then look to integrate your Meraki network with Umbrella?

 

Which Umbrella licensing would you need to integrate as it’s done via API, is Investigate required?

 

Does the Meraki dashboard display Umbrella statistics?

 

How far can you go with the deployment, full AD integration on the Meraki side so you’ll get reports that employee Dave on his laptop has had Malware blocked and this will report into a single Meraki dashboard?

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
1 ACCEPTED SOLUTION

Hi @UCcert just to add to @CptnCrnch comments, the "original" Umbrella integration with Meraki MR came in r26 firmware and is the API Integration method.  So it's still a completely valid and recommended solution based on the requirements, and it is not deprecated, we have just added a 2nd streamlined way to do it and allow you to perform DNS security on MR APs using Umbrella. 

 

In the original method, Meraki and Umbrella dashboards get linked via API keys allowing MR AP to have DNS traffic filtered through Umbrella’s secure DNS service, on a per-SSID basis or to wireless clients assigned to network wide group policies. You simply assign a filtering policy to an SSID or GP, and all DNS requests are redirected to Umbrella and checked against the network device policy in the Umbrella dashboard. 


So what’s new?

 

There is NOW both API integration and automated (single-SKU) integration with the “MR Advanced/Upgrade” license.

 

With single-SKU, it allows you to assign pre-defined Umbrella content filtering and security policies to an SSID or Group Policy directly from the dashboard and removes the need to integrate with an existing Umbrella dashboard or Umbrella account.

 

For existing MR customers that do not yet have Umbrella, there is an UPGRADE license to enable the Umbrella functionality. For new MR deployments that also want Umbrella, that’s the ADVANCED license. 

 

There are some pros and cons that will prompt you to use one method over the other.  The manual integration does require some manual configuration, some (minimal) API knowledge, and of course an existing Umbrella account and you’ll still have 2 Dashboards.  The automated single-SKU integration is an all-in-one simple and turn-key solution, but cannot create custom policies and only provides a broader (but very adequate) view of DNS events. 


If you really need the finest policy granularity and deepest visibility, then go with API integration, but for many customers who want to add Umbrella protection in a very simply way to their new or existing MR wireless deployment, this newer option is the way to go.

 

Hope that helps! 

Here is a slide attached for general comparison.

Meraki MR and Umbrella.jpg

View solution in original post

4 REPLIES 4
CptnCrnch
Kind of a big deal

If you’ve already deployed Umbrella to your endpoints why would you then look to integrate your Meraki network with Umbrella?

Are you able to install the romaing client onto each and every device within your network? I guess not 🙂

 

> Which Umbrella licensing would you need to integrate as it’s done via API, is Investigate required?

You have two choices here:

> Does the Meraki dashboard display Umbrella statistics?

See above. No, you'll get this kind of information and logging only via Umbrella Dashboard

 

> How far can you go with the deployment, full AD integration on the Meraki side so you’ll get reports that employee Dave on his laptop has had Malware blocked and this will report into a single Meraki dashboard?

Haven't tried this but my guess is: yes, it should show up.

UCcert
Kind of a big deal

Hi Cptn, I feel a lab session coming up.  Will look through D Cloud first to see if there's anything on there.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Hi @UCcert just to add to @CptnCrnch comments, the "original" Umbrella integration with Meraki MR came in r26 firmware and is the API Integration method.  So it's still a completely valid and recommended solution based on the requirements, and it is not deprecated, we have just added a 2nd streamlined way to do it and allow you to perform DNS security on MR APs using Umbrella. 

 

In the original method, Meraki and Umbrella dashboards get linked via API keys allowing MR AP to have DNS traffic filtered through Umbrella’s secure DNS service, on a per-SSID basis or to wireless clients assigned to network wide group policies. You simply assign a filtering policy to an SSID or GP, and all DNS requests are redirected to Umbrella and checked against the network device policy in the Umbrella dashboard. 


So what’s new?

 

There is NOW both API integration and automated (single-SKU) integration with the “MR Advanced/Upgrade” license.

 

With single-SKU, it allows you to assign pre-defined Umbrella content filtering and security policies to an SSID or Group Policy directly from the dashboard and removes the need to integrate with an existing Umbrella dashboard or Umbrella account.

 

For existing MR customers that do not yet have Umbrella, there is an UPGRADE license to enable the Umbrella functionality. For new MR deployments that also want Umbrella, that’s the ADVANCED license. 

 

There are some pros and cons that will prompt you to use one method over the other.  The manual integration does require some manual configuration, some (minimal) API knowledge, and of course an existing Umbrella account and you’ll still have 2 Dashboards.  The automated single-SKU integration is an all-in-one simple and turn-key solution, but cannot create custom policies and only provides a broader (but very adequate) view of DNS events. 


If you really need the finest policy granularity and deepest visibility, then go with API integration, but for many customers who want to add Umbrella protection in a very simply way to their new or existing MR wireless deployment, this newer option is the way to go.

 

Hope that helps! 

Here is a slide attached for general comparison.

Meraki MR and Umbrella.jpg

Manual API Integration gives many more options, and i can see almost everything in Umbrella Dashboard. Besides i can still using roaming clients. Automated integration is best if you need to deploy network in few moments, especially for small networks for cafe, libraries and others without IT support.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.