To support deployments with overlapping IP addresses for SAML IP Surrogates, Cisco Umbrella is introducing changes to map tunnels to Umbrella Sites. A new Umbrella Site needs to be created whenever there are overlapping internal IP addresses, so that a single Site does not contain any overlapping IP addresses.
Changes are initially being rolled out on the backend to map all existing tunnels to the Default Site in each organization.
Once the backend changes are rolled out for your organization, you will see some changes in the parameters returned by or accepted by the Tunnel APIs. Specifically, the List Tunnels API, Get Tunnel API and Psk Update API will now include the SiteOriginID corresponding to the respective tunnel in the API response. The Add Tunnel API will now take an optional SiteOriginID as an input parameter for creating the tunnel.
These changes are being rolled out in phases across organizations, and are not expected to have any impact on existing functionality. Till the time the changes are rolled out for your specific org, the current API specifications will continue to remain valid. The mapping of tunnels to Umbrella sites will not impact any Umbrella features that you are using.
At a later stage, you will be able to see the options to modify the tunnel-site mapping so as to map your tunnel to any other Umbrella site. This will be communicated via a separate announcement.