Saturday, October 17, 2020

Cisco Umbrella Scenario

Please have a look at this diagram: https://drive.google.com/file/d/1Ph9l3Pn27HG7-67mMatISNt8ycxiNCgC/view?usp=sharing

We are trying to establish an IPsec connection from our internal network to Cisco Umbrella, so that some outgoing traffic is sent through that tunnel toward Umbrella and other traffic breaks out directly to the Internet. Three options have been proposed; the one you see is one of them, with PBR on the firewall to send traffic destined to Umbrella and directly to the Internet through it. Do you guys see any issues with this approach? Another approach is terminating IPsec on the FW (which is Cisco Firepower), which has some complexities due to the number of NATs that need to be added as well as quite a number of ACLs. What do you guys suggest, and why?


