Introducing Cisco DNA Center Integration with Umbrella
Cisco Umbrella provides the first line of defense against threats on the internet wherever users go. Umbrella delivers complete visibility into internet activity across all locations, devices, and users, and blocks threats before they ever reach your network or endpoints. Cisco Umbrella helps in securing traffic using Secure Internet Gateway(SIG) in cloud. In this blog, we will look at how Integration of Cisco Umbrella with Cisco DNA Center will help in automating and securing WLAN’s to provide maximum visibility and granularity using network infrastructure.
In the world of connected things wireless infrastructure plays a major role in connecting people, processes, and things. According to Cisco VNI, 66% of Global Population will have Internet Access by 2023 and this brings in a bigger question of how to secure the endpoints (It can be Enterprise devices, Guest devices or even IoT Endpoints). It’s interesting that I mentioned about IoT Endpoints, reason being according to Cisco VNI, by 2023, IoT Endpoints will account for 50 percent (14.7 billion) of all global networked devices and one third of those devices will be wireless. The addition of billions of devices to the network edge drives the need for enterprises to provide actionable insights and scalable solutions to secure employees’ devices, IoT connections, infrastructure, and proprietary data.
Enabling Cisco Umbrella on Catalyst 9800 WLC brings in a whole lot of capabilities such as granular policy enforcement per SSID, visibility in identifying internet threats and reporting. Umbrella on WLAN enforces security at the Domain Name System (DNS) layer, which means you can block requests to malicious domains and IPs before a connection is ever made.
The need for Network Policy Automation
In today’s digital world, the network needs to adapt quickly to changing business requirements. The network needs to support an increasingly diverse and fast-changing set of users, devices, applications, and services. It needs to seamlessly and securely onboard this diverse set of devices and deliver the desired user and application experience.
Cisco DNA Center and Cisco Umbrella
Cisco DNA Center provides an intuitive GUI workflow to enable Umbrella policies on WLAN Controllers. Cisco DNA Center supports Umbrella configuration on Cisco Catalyst 9800 Series Wireless Controller running software version 16.12.x or higher and Cisco Catalyst 9100 Series Access Points on local, flex connect mode, and on Mobility Express (ME) AP’s. The supported Cisco DNA Center release version is 2.1.x.
As a pre-requisite, necessary keys, such as the API key, legacy token, management key, and secret, needs to be created in the Umbrella Account. To integrate DNA Center with Umbrella Organization ID, Management API Keys, and Network Device API Keys & token needs to be entered manually in Cisco DNA Center.
Once Integrated, Cisco DNA Center can now configure Umbrella policies to Catalyst 9800 WLC, which are managed and provisioned by Cisco DNA Center. Cisco DNA Center provides a comprehensive view all the WLAN Controllers that are eligible for Umbrella deployment in a site. If the WLAN Controllers are Not ready for Umbrella deployment, Cisco DNA Center also provides information on why the Network device is not ready. The major advantage of integration is, Cisco DNA Center can now retrieve policies created in the Umbrella cloud and provides an option to assign these policies at per SSID level to all the eligible WLAN Controllers. This way umbrella policies can be pushed to multiple SSID’s on multiple WLAN Controllers with few simple clicks.
Cisco DNA Center also provides base assurance capabilities for Total DNS Queries and Blocked DNS Queries in the Umbrella Services Dashboard.
The integration of Cisco DNA Center and Umbrella helps deploy Umbrella policies quickly with minimal disruption to other services, ensures that edge devices are secured at the DNS layer without any added latency. This helps maintain the network infrastructure stay up to date by aligning to dynamic business needs.
Check out our Intent-Based Networking video channel