Customers deploying Umbrella's Secure Web Gateway (SWG) are recommended to allow SWG's IP space to ensure traffic is allowed through their perimeter firewalls. This also applies to any web filtering appliances that the customers may have.
This article applies to SWG deployments with PAC file or AnyConnect Client with SWG module
Cisco Umbrella is an elastic cloud service, and its IP space is dynamic and constantly changing. Customers deploying the Umbrella SWG product are recommended to allow the following CIDRs on their perimeter firewalls to ensure they can connect to the Umbrella SWG service:
- Protocol = TCP
- Ports = outbound 80 and 443
It is also recommended that these domains are bypassed at the source in order to ensure that all traffic is allowed:
*.umbrella.com (see following note)