Articles in this section

Internal Networks Configuration Documentation

Avatar
Matt Prytuluk
  • Updated
Follow

Overview

  

After an Umbrella Virtual Appliance (VA) has been deployed, an Internal Networks identity can be configured. To set this up, drop one of our lightweight VAs into your network, direct your DNS traffic through it, and start mapping your network based on specific internal IP addresses and/or subnets. For an overview on how this all works, check out the getting started video here.

The purpose of the Internal Networks identity is to define a subnet that's non-routable (or RFC1918 compliant) as an identity you can apply policy to.  

The Umbrella VA will have your DNS traffic pointed to it for this configuration and anything identified as coming from the networks you've defined will have the policies applied. 

 

Prerequisites

  

These steps assume you have set up a Virtual Appliance (VA). If you have not yet done so, please use either of these documents to provision your VA:

You should be provisioning at least two VA's per site, but you can have multiple subnets per site if necessary. 

 

Provisioning a Subnet for Your VA

  
  1. Navigate to Settings > Sites and Active Directory.
    By default, the VA will be assigned to the Default Site.  

    Va-Under-Sites.jpgIf you would like to add a second Site for a second VA, you can change the Site for the VA by adding a new site
  2. Click the name to expand it and add a site.
  3. Once you've set your first site up, navigate to Identities > Internal Networks.
  4. Click the  (Add) icon.
  5. Name your network and provide a valid subnet.



     

    Note:

    If you're unfamiliar with traditional subnet masks, there are subnet tools online to help. The final octet of your IP range should match the mask for that range. The Internal Networks setup will not allow an invalid range to be configured.

     

    Some examples of valid subnets, either very small or very large are:

    252_subnet.jpg

    large_subnet.jpg

    This control can be quite granular: you can assign an individual Internal Network policy to a single IP or to a DHCP scope that's already been configured for your network.  

 

Assigning Policy to your Site

  

By default the Internal Network you've configured will be assigned to the Default Site, which is given the Default Policy in Umbrella. You can change this by assigning the Identity for your Site to a new Policy, which can take precedence if ordered first. Alternately, you can create a unique Policy for the Identity for your site by drilling down through the Sites:

drillthrusites.jpg  

 
set_policy_for_site.jpg  

Once you've selected the site that contains your Internal Networks, you can begin to select the parts of the policy to apply to these computers.

If you'd like more information on reporting for Internet Networks, click here

Related articles

Comments

0 comments

Article is closed for comments.