The goal of this document is to provide a guided walk-through of the steps necessary to successfully set up Cisco Umbrella in a Microsoft Windows Active Directory environment. You must have an Administrator account in the UWSA Umbrella Console. It is recommended to have a server environment running VMware or Microsoft Hyper-V for setting up the target Umbrella Virtual Appliances.
The first step in configuration is to log into our UW-Madison console at https://dashboard.umbrella.com/o/3243228. From here you'll be brought to the overview dashboard for our instance.
You will find the first setting needed under Deployments on the left panel, under the section "Configuration/Sites and Active Directory".
From here click Setup in the upper right corner of the page to reveal the page for creating a site specific to the Active Directory domain. Click Add site and enter a clear identifier for the department/domain. (example = DoIT)
Next you will add the internal domain name for the AD domain by clicking Add under "Configuration/Sites and Active Directory".
When adding the internal domain, enter the full domain name (example.local, example.org, etc.) and a description of the internal domain, then select the site set up above and the devices it will apply to.
Repeat this step until all internal domains are added.
VA Resource Specifications - At a minimum, each VA requires the following allocated resources:
Two virtual appliances (VAs) per Umbrella site
VAs must be deployed in pairs to ensure redundancy at the DNS level and to allow for updates without downtime, ideally with one VA on redundant virtual hosts. It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.
(Follow along in Cisco Umbrella Documentation here: https://docs.umbrella.com/deployment-umbrella/docs/5-configuring-the-vas)
Open the VA in your preferred hypervisor's console, and you'll see a configuration menu. As you'll see in the lower right corner, the system time is set to UTC by default. This will not affect your DNS, network, or hypervisor.
If you have deployed the VA in a network that supports DHCP, the VA is automatically assigned a DHCP IP address and registers to Umbrella using this IP. This IP address appears on the configuration as well as the Umbrella dashboard.
Umbrella<*OrgID*> should be set as the default password for the VA. Our UW-Madison Org ID is 3243228.
Configuring the VA involves configuring the name, IP details, and local DNS servers. It is mandatory to configure the name and IP, Netmask, and Gateway (unless already configured). Failing to do this results in the VA not being able to register to Umbrella.
In addition to an IPv4 address, you can also configure the VA with an IPv6 address. Endpoints with an IPv6 address can use the VA for DNS resolution, and the internal IPv6 address of the endpoint will be reported in Umbrella. Active Directory integration is currently not supported for IPv6 endpoints.
If you have entered the Configuration Mode over SSH, to validate status, enter command "
- The name associated with the VA in your Umbrella dashboard. This is a friendly name, similar to a hostname for a computer or server. If you have multiple hypervisor hosts, appending or prepending numbers or letters to indicate the local hypervisor host is advised.
- To configure enter command "
- IP, Netmask, and Gateway (Required params for functionality):
- Give the VA a local, static IP address on the same network as your endpoints which will utilize the VAs for DNS resolution.
- Local DNS - 1 through 6:
- Enter the local IPs of your existing local DNS servers. Often these are your Windows Servers with the DNS Server role installed. These are the servers that will receive the local DNS queries. You can enter IPv4 and/or IPv6 addresses here.
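The requirements above (mandatory name, IP, netmask and gateway; a static IP on the endpoints' network; up to six local DNS servers; two individually configured VAs per site) can be checked against a planned configuration before touching the VA console. The following is an added example, not part of the original document or of Cisco's tooling; the dictionary layout, the check_site function, and the sample names and addresses are assumptions made for illustration.

```python
import ipaddress

MAX_LOCAL_DNS = 6  # the VA console offers Local DNS slots 1 through 6

def check_site(vas, endpoint_net):
    """Return problems found in one Umbrella site's planned VA settings.

    vas: list of dicts (name, ip, netmask, gateway, local_dns, host); this
    layout is an assumption made for the example. endpoint_net: CIDR string.
    """
    problems = []
    net = ipaddress.ip_network(endpoint_net)
    if len(vas) < 2:
        problems.append("site needs two VAs for DNS redundancy")
    seen_names, seen_ips = set(), set()
    for va in vas:
        label = va.get("name") or "<unnamed>"
        missing = [k for k in ("name", "ip", "netmask", "gateway") if not va.get(k)]
        if missing:  # without these the VA cannot register to Umbrella
            problems.append(f"{label}: missing required {', '.join(missing)}")
            continue
        iface = ipaddress.ip_interface(f"{va['ip']}/{va['netmask']}")
        if iface.ip not in net:
            problems.append(f"{label}: {iface.ip} is not on endpoint network {net}")
        if ipaddress.ip_address(va["gateway"]) not in iface.network:
            problems.append(f"{label}: gateway {va['gateway']} is outside {iface.network}")
        # Each VA is configured individually, so names and IPs must be unique.
        if va["name"] in seen_names or iface.ip in seen_ips:
            problems.append(f"{label}: duplicate name or IP (VAs must not be cloned)")
        seen_names.add(va["name"])
        seen_ips.add(iface.ip)
        dns = [ipaddress.ip_address(s) for s in va.get("local_dns", [])]  # IPv4 or IPv6
        if len(dns) > MAX_LOCAL_DNS:
            problems.append(f"{label}: {len(dns)} local DNS servers, only {MAX_LOCAL_DNS} slots")
    if len(vas) >= 2 and len({va.get("host") for va in vas}) < 2:
        problems.append("note: both VAs share one hypervisor host")
    return problems

# Constructed sample plan (names and addresses are made up for the example).
SAMPLE_PLAN = [
    {"name": "DoIT-VA1", "ip": "10.10.20.11", "netmask": "255.255.255.0",
     "gateway": "10.10.20.1", "local_dns": ["10.10.20.5", "10.10.20.6"], "host": "hv-a"},
    {"name": "DoIT-VA2", "ip": "10.10.21.12", "netmask": "255.255.255.0",
     "gateway": "10.10.20.1", "local_dns": ["10.10.20.5"], "host": "hv-a"},
]

if __name__ == "__main__":
    for line in check_site(SAMPLE_PLAN, "10.10.20.0/24"):
        print(line)
```

On the sample plan, the second VA is flagged for an address outside the endpoint network and an unreachable gateway, and the pair is noted as sharing one hypervisor host.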
If tests complete without error, the next step is to verify that the VA syncs within the Umbrella dashboard.
In Umbrella, navigate to . Your VAs are listed with the name you gave it earlier in the VA Console configuration.
Repeat above steps for configuration of first VA
NOTE: Umbrella VAs cannot be cloned. Ensure that your second VA is set up manually. Umbrella will not recognize a cloned VA.