MR /w Umbrella vs. Content- and Application Filtering

whistleblower
Building a reputation

MR /w Umbrella vs. Content- and Application Filtering

Hi all,

I‘m reading through some documentation about the availabiliy of enabling Umbrella on the MR APs and there‘s a question for me about the sense! 

What would be the advantage or difference when using a predefined Umbrella Policy Rule on an e.g. Corporate SSID when there‘s a Content-/Application Filter on an MR or MX is already configured as well?

1 Reply 1
Bruce
Kind of a big deal

I believe the advantage of the pre-defined Umbrella rules, other than the way that Umbrella works (if you call that an advantage - I know it’s debatable), is the speed that updates (especially for malware) are pushed into the Umbrella DNS servers. The Umbrella based classifications are managed by the Cisco Talos team and are continuously feeding into the Umbrella system, as is their finding regarding malware. Along with Umbrella’s machine learning for things like DGA’s it provides a great level of protection.

 

The inbuilt content filtering in both the MR and MX is fed by BrightCloud and relies upon inspection of URLs. The update process is not as quick - generally BrightCloud has to update the listings, and then the device needs to download the listings - and you could argue that URL inspection itself is more CPU intensive than the DNS based approach of Umbrella.

 

I would say that the full version of Umbrella integrated with Meraki MR or MX is a great solution (it’s far more granular, and can provide protection for off-net clients), but I do tend to agree that with the pre-built bundles its less clear cut, although the added malware protection alone may make it valuable.

 

Hope this goes some way to providing some guidance.

 

Note: the predefined Umbrella policies are only available on the MR with the Advanced License. I don’t believe the predefined bundles have made it to the MX yet, you have to do an integration with a full Umbrella license.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels