Re: [cisco-voip] Jabber MRA with Cisco Umbrella
This is for the Umbrella client installed on all the PCs so it is always using Umbrela DNS except for any domains specified as internal. On Thu, Sep 26, 2019, 1:49 PM Scott Voll wrote: > are you using an always connected VPN configuration? Like Mike said. in > our environment, our umbrella VM's point to the internal DNS servers. > Outside our corporation Umbrella uses the external DNS (hosted elsewhere). > I don't understand why you are getting the same response both > internally and externally. > > Scott > > > On Tue, Sep 24, 2019 at 6:27 PM Brian Meade wrote: > >> Issue would be a corporate PC with umbrella going off-site. If you add >> your internal domains, it would get the _cisco-uds record always rather >> then _collab-edge. >> >> On Tue, Sep 24, 2019, 6:34 PM Norton, Mike >> wrote: >> >>> Have never used Umbrella for external clients, but I would be very >>> surprised if it somehow magically exposed your “local” domains to external >>> clients. Internal clients use the internal Umbrella virtual appliance to >>> resolve names, and if the request is for a domain defined as “local”, the >>> virtual appliance then uses the internal DNS server to resolve the name. >>> External clients would not have access to the internal virtual appliance >>> nor to the internal DNS server, so it should not be possible for external >>> clients to get internal answers. IIRC the list of “local” domains is per >>> “site” and external clients would not be in scope for the site. >>> >>> Defining a local domain is probably what you want. >>> >>> I could be wrong though - stopped using Umbrella after Cisco bought it >>> and tried to more than quadruple the pricing on us. >>> >>> -mn >>> >>> >>> >>> *From:* cisco-voip *On Behalf Of *Brian >>> Meade >>> *Sent:* September 24, 2019 12:37 PM >>> *To:* cisco-voip voyp list >>> *Subject:* [cisco-voip] Jabber MRA with Cisco Umbrella >>> >>> >>> >>> Has anyone been able to get this to work? >>> >>> >>> >>> Umbrella always finds the _collab-edge SRV record even when internally. >>> I imagine if we made the voice services domain a local domain we would have >>> the reverse issue of always seeing _cisco-uds even when external. >>> >>> >>> >>> Any Umbrella features that could help here? >>> >>> >>> >>> Thanks, >>> >>> Brian Meade >>> >> ___ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip >> > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber MRA with Cisco Umbrella
are you using an always connected VPN configuration? Like Mike said. in our environment, our umbrella VM's point to the internal DNS servers. Outside our corporation Umbrella uses the external DNS (hosted elsewhere). I don't understand why you are getting the same response both internally and externally. Scott On Tue, Sep 24, 2019 at 6:27 PM Brian Meade wrote: > Issue would be a corporate PC with umbrella going off-site. If you add > your internal domains, it would get the _cisco-uds record always rather > then _collab-edge. > > On Tue, Sep 24, 2019, 6:34 PM Norton, Mike > wrote: > >> Have never used Umbrella for external clients, but I would be very >> surprised if it somehow magically exposed your “local” domains to external >> clients. Internal clients use the internal Umbrella virtual appliance to >> resolve names, and if the request is for a domain defined as “local”, the >> virtual appliance then uses the internal DNS server to resolve the name. >> External clients would not have access to the internal virtual appliance >> nor to the internal DNS server, so it should not be possible for external >> clients to get internal answers. IIRC the list of “local” domains is per >> “site” and external clients would not be in scope for the site. >> >> Defining a local domain is probably what you want. >> >> I could be wrong though - stopped using Umbrella after Cisco bought it >> and tried to more than quadruple the pricing on us. >> >> -mn >> >> >> >> *From:* cisco-voip *On Behalf Of *Brian >> Meade >> *Sent:* September 24, 2019 12:37 PM >> *To:* cisco-voip voyp list >> *Subject:* [cisco-voip] Jabber MRA with Cisco Umbrella >> >> >> >> Has anyone been able to get this to work? >> >> >> >> Umbrella always finds the _collab-edge SRV record even when internally. >> I imagine if we made the voice services domain a local domain we would have >> the reverse issue of always seeing _cisco-uds even when external. >> >> >> >> Any Umbrella features that could help here? >> >> >> >> Thanks, >> >> Brian Meade >> > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber MRA with Cisco Umbrella
Issue would be a corporate PC with umbrella going off-site. If you add your internal domains, it would get the _cisco-uds record always rather then _collab-edge. On Tue, Sep 24, 2019, 6:34 PM Norton, Mike wrote: > Have never used Umbrella for external clients, but I would be very > surprised if it somehow magically exposed your “local” domains to external > clients. Internal clients use the internal Umbrella virtual appliance to > resolve names, and if the request is for a domain defined as “local”, the > virtual appliance then uses the internal DNS server to resolve the name. > External clients would not have access to the internal virtual appliance > nor to the internal DNS server, so it should not be possible for external > clients to get internal answers. IIRC the list of “local” domains is per > “site” and external clients would not be in scope for the site. > > Defining a local domain is probably what you want. > > I could be wrong though - stopped using Umbrella after Cisco bought it and > tried to more than quadruple the pricing on us. > > -mn > > > > *From:* cisco-voip *On Behalf Of *Brian > Meade > *Sent:* September 24, 2019 12:37 PM > *To:* cisco-voip voyp list > *Subject:* [cisco-voip] Jabber MRA with Cisco Umbrella > > > > Has anyone been able to get this to work? > > > > Umbrella always finds the _collab-edge SRV record even when internally. I > imagine if we made the voice services domain a local domain we would have > the reverse issue of always seeing _cisco-uds even when external. > > > > Any Umbrella features that could help here? > > > > Thanks, > > Brian Meade > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber MRA with Cisco Umbrella
Have never used Umbrella for external clients, but I would be very surprised if it somehow magically exposed your “local” domains to external clients. Internal clients use the internal Umbrella virtual appliance to resolve names, and if the request is for a domain defined as “local”, the virtual appliance then uses the internal DNS server to resolve the name. External clients would not have access to the internal virtual appliance nor to the internal DNS server, so it should not be possible for external clients to get internal answers. IIRC the list of “local” domains is per “site” and external clients would not be in scope for the site. Defining a local domain is probably what you want. I could be wrong though - stopped using Umbrella after Cisco bought it and tried to more than quadruple the pricing on us. -mn From: cisco-voip On Behalf Of Brian Meade Sent: September 24, 2019 12:37 PM To: cisco-voip voyp list Subject: [cisco-voip] Jabber MRA with Cisco Umbrella Has anyone been able to get this to work? Umbrella always finds the _collab-edge SRV record even when internally. I imagine if we made the voice services domain a local domain we would have the reverse issue of always seeing _cisco-uds even when external. Any Umbrella features that could help here? Thanks, Brian Meade ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber MRA with Cisco Umbrella
Which deployment model have you chosen? What features are you using on the endpoint? I’m _pretty_ sure we’ve using Umbrella, but we’ve basically pointed our on-prem DNS servers to them. And that’s it. No endpoint configuration yet. I’ve asked the team to make sure they do tests accordingly before any other configuration changes to ensure Jabber on/off-premise detection works. It’s a shame the BUs can’t co-ordinate. I mentioned Jabber on/off-prem detection and I don’t think any of the Umbrella folks knew what I was talking about. If they did, they hid it pretty well. Hmmm, maybe this is what that Solutions Support option is all about? --- Lelio Fulgenzi, B.A. | Senior Analyst Computing and Communications Services | University of Guelph Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1 519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook [University of Guelph Cornerstone with Improve Life tagline] From: cisco-voip On Behalf Of Brian Meade Sent: Tuesday, September 24, 2019 2:37 PM To: cisco-voip voyp list Subject: [cisco-voip] Jabber MRA with Cisco Umbrella Has anyone been able to get this to work? Umbrella always finds the _collab-edge SRV record even when internally. I imagine if we made the voice services domain a local domain we would have the reverse issue of always seeing _cisco-uds even when external. Any Umbrella features that could help here? Thanks, Brian Meade ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Jabber MRA with Cisco Umbrella
Has anyone been able to get this to work? Umbrella always finds the _collab-edge SRV record even when internally. I imagine if we made the voice services domain a local domain we would have the reverse issue of always seeing _cisco-uds even when external. Any Umbrella features that could help here? Thanks, Brian Meade ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip