browse
Overview
Customers deploying Umbrella's Secure Web Gateway (SWG) are recommended to allow SWG's IP space to ensure traffic is allowed through their perimeter firewalls. This also applies to any web filtering appliances that the customers may have.
Prerequisite
This article applies to SWG deployments with PAC file or AnyConnect client with SWG module.
IP Addresses
Cisco Umbrella is an elastic cloud service, and its IP space is dynamic and constantly changing. Customers deploying the Umbrella SWG product are recommended to allow the following CIDRs on their perimeter firewalls to ensure they can connect to the Umbrella SWG service:
67.215.64.0/19
146.112.0.0/16
151.186.0.0/16
155.190.0.0/16
185.60.84.0/22
204.194.232.0/21
208.67.216.0/21
208.69.32.0/21
Traffic profile:
- Protocol = TCP
- Ports = outbound 80 and 443
Domains
It is also recommended that these domains are bypassed at the source in order to ensure that all traffic is allowed:
isrg.trustid.ocsp.identrust.com
*.cisco.com
*.opendns.com
*.umbrella.com
*.okta.com
*.oktacdn.com
*.pingidentity.com
secure.aadcdn.microsoftonline-p.com