After an Umbrella Virtual Appliance (VA) has been deployed, an Internal Networks identity can be configured. To set this up, drop one of our lightweight VAs into your network, direct your DNS traffic through it, and start mapping your network based on specific internal IP addresses and/or subnets. For an overview on how this all works, check out the getting started video here.
The purpose of the Internal Networks identity is to define a subnet that's non-routable (or RFC1918 compliant) as an identity you can apply policy to.
The Umbrella VA will have your DNS traffic pointed to it for this configuration and anything identified as coming from the networks you've defined will have the policies applied.
These steps assume you have set up a Virtual Appliance (VA). If you have not yet done so, please use either of these documents to provision your VA:
- Quick Start for Virtual Appliances – Step 1: Getting Ready
- Active Directory Integration – Step 1: Setup DNS Forwarding via Virtual Appliances
You should be provisioning at least two VA's per site, but you can have multiple subnets per site if necessary.
Provisioning a Subnet for Your VA
- Navigate to Settings > Sites and Active Directory.
By default, the VA will be assigned to the Default Site.
If you would like to add a second Site for a second VA, you can change the Site for the VA by adding a new site
- Click the name to expand it and add a site.
- Once you've set your first site up, navigate to Identities > Internal Networks.
- Click the (Add) icon.
- Name your network and provide a valid subnet.
Some examples of valid subnets, either very small or very large are:
This control can be quite granular: you can assign an individual Internal Network policy to a single IP or to a DHCP scope that's already been configured for your network.
Assigning Policy to your Site
By default the Internal Network you've configured will be assigned to the Default Site, which is given the Default Policy in Umbrella. You can change this by assigning the Identity for your Site to a new Policy, which can take precedence if ordered first. Alternately, you can create a unique Policy for the Identity for your site by drilling down through the Sites:
Once you've selected the site that contains your Internal Networks, you can begin to select the parts of the policy to apply to these computers.
If you'd like more information on reporting for Internet Networks, click here.