Starting March 2nd, 2021, Umbrella Virtual Appliance (VA) images downloaded from the Cisco Umbrella dashboard will be digitally signed.
The purpose of digitally signed images is to ensure that customers are confident that the VA image downloaded from the Umbrella dashboard is secure and has not been tampered with, and that the image originated from the trusted source as claimed.
Digitally signed VA images will be available as a .tar file. The contents of the .tar file can be extracted using the tar -xvf command on Windows or Linux.
The .tar file contains:
- An .ova file or .zip file (depending on whether you have chosen to download a VA image for VMware or Hyper-V)
- A signature file corresponding to the .ova/.zip file.
- A certificate file
- A readme file
The .ova/.zip file contain the virtual hard disks required for the deployment of the VA. You can follow the instructions in the readme file to validate the signature of this file.
In addition to VA images downloaded from the Umbrella dashboard, VA upgrade images are also now signed. As part of the image upgrade process, the VA will now validate the signature of the new image that is auto-downloaded from Umbrella and only then upgrade to this image. For seamless validation, it is recommended that the VA supports outbound access to www.cisco.com on port 80 and port 443 TCP.