Accend Networks San Francisco Bay Area Full Service IT Consulting Company

Cisco Umbrella Monitoring and Logging Best Practices

How to: Validate Cisco Umbrella Configuration
Cisco Umbrella offers a range of URLs to validate and ensure the successful configuration of Umbrella on your network. These URLs enable you to perform various tests to confirm the functionality of Umbrella’s DNS resolution, security settings, content filtering, and Intelligent Proxy feature. Below the table is an extra category of test page for the Intelligent Proxy.

Umbrella/OpenDNS Test URLs

Correctly Configured Result

Incorrectly Configured Result

The first stage in using Umbrella is to point your DNS addresses to our anycast IP addresses (208.67.222.222 and 208.67.220.220).  

Once you’ve done that, to test whether you are using Umbrella/OpenDNS for DNS resolution, go to:
http://welcome.opendns.com

If you’ve correctly configured your DNS  settings on your router, computer or  mobile device to use Umbrella, this is the  result you should see. 

Check the settings on your device again to ensure it’s correctly configured. 

To test the Security Settings of your configuration, we recommend using one of the following test sites,depending on what you want to test.  

All of the test sites below are blocked with the default Umbrella Security Settings.

To test blocking the Security setting for Phishing:

http://www.internetbadguys.com

To test blocking the Security Setting for Malware:

http://www.examplemalwaredomain.com

or

http://malware.opendns.com/

To test blocking the Security Setting for Command and Control Callback:

http://www.examplebotnetdomain.com

An Umbrella block page should appear if you are correctly configured. With Security Settings, each of the block pages will vary based on your settings and could include custom block pages.

If this page appears, check your settings, including the order of policies and which identity you are appearing as in the logs.

To test Content Settings for your configuration, we recommend using the following test site to test blocking pornography sites. However, not every individual Content Settings has an Umbrella block page for it.  

Instead, if you have created your own block page (or added one to a policy) and applied it to the policy with a blocked Content Setting, you should see that block page appear.

To test blocking for pornographic websites:

http://www.exampleadultsite.com

An Umbrella block page should appear if you are correctly configured. With Content Settings, each of the block pages will vary based on your settings and could include custom block pages.

If this page appears, check your settings, including the order of policies and which identity you are appearing as in the logs.

If these tests return results other than those described in the table, further troubleshooting may be required. To begin, we suggest to contact your ISP to ask them if they allow 3rd-party DNS services, such as Umbrella’s global DNS or Google DNS. 

Additional Test: Intelligent Proxy

To validate the Intelligent Proxy feature:

  • Enable the Intelligent Proxy policy for an identity, such as your laptop or mobile device.
  • Visit http://proxy.opendnstest.com/ and follow the instructions to test image blocking and website blocking using the Intelligent Proxy.
  • Ensure that the identity you’re using has the Intelligent Proxy enabled in the applicable policy.

If any test results differ from the expected outcomes, further troubleshooting may be necessary. Consider reaching out to your ISP to confirm compatibility with third-party DNS services like Umbrella’s global DNS or Google DNS.

By following these steps, you can effectively validate your Cisco Umbrella configuration and ensure optimal performance of your network security measures.

How to Monitor Umbrella Service Health and System Status

Monitoring Cisco Umbrella’s health and status is key for network security. Bookmark system status pages and subscribe to the Cisco Umbrella Service Status page for notifications. Stay informed with service updates, notifications, and announcements. Regularly check the “Message Center” on the Umbrella Dashboard for alerts.

  1. Bookmark System Status Pages:
  2. Subscribe to Service Status Updates:
    • Subscribe to the Cisco Umbrella Service Status page at https://146.112.59.2/#/ to receive notifications regarding Service Degradations, Outages, Maintenance, and Events.
  3. Stay Informed with Service Updates:
  4. Check Service Notifications:
  5. Stay Updated with Announcements:
  6. Review Service Updates:
  7. Monitor Cisco Umbrella Dashboard:
    • Periodically check the Cisco Umbrella Dashboard’s “Message Center” for product alerts and notifications.

Following these steps will help you stay informed about the health and status of your Cisco Umbrella service, ensuring timely action and awareness of any potential issues.

Network Registration:

Ensure all IP addresses and CIDR ranges associated with your organization are registered with Umbrella. For more information, refer to https://docs.umbrella.com/product/umbrella/protect-your-network/.

Logging:

Umbrella retains detailed logs for 30 days before converting them into aggregated report data. To preserve detailed data beyond 30 days, configure an Amazon S3 bucket for data export at “Settings -> Log Management”.

How to Contact and Work with the Umbrella Support Team:

  1. Submit a Support Request:
  2. Telephone Support:
    • If you have purchased telephone support from Cisco Umbrella will see a telephone icon at the top right-hand corner of the Umbrella dashboard screen.
    • Clicking on the telephone icon will display the telephone number for Support.
  3. Provide Detailed Information:
    • When contacting support, provide as much detail as possible about your issue or question.
  4. Use the Diagnostic Tool:

By following these steps, you can effectively contact and work with the Umbrella support team to resolve any issues or questions you may have regarding the Umbrella service.

Feel free to reach out to us if you have any questions at [email protected] and we’ll be glad to assist you.

Happy DNS Security!

Written By :

Paula Wong, Senior Network Security Engineer, CCIE Security and Routing & Switching, Certified Ethical Hacker - Master

0 0 votes
Article Rating
Subscribe
Notify of
guest

1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Daftar Binance
Daftar Binance
12 days ago

Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.