Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
354
Views
1
Helpful
4
Replies

Does Umbrella VA change the source IP of DNS requests?

Go to solution
guacamoley
Level 1
Level 1

‎04-02-2024 08:33 AM - edited ‎04-02-2024 08:34 AM

Say a user sends a DNS request for youtube.com. Their DNS is locally configured to send all requests to the VA. Will the VA then forward the request with its own private IP or would it forward it with the original device's IP? 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to guacamoley

‎04-02-2024 09:16 AM - edited ‎04-02-2024 09:40 AM

@guacamoley yes, if you are using the VA the traffic will show up as the internal network, which would be the client's real IP address (not the FW/router NAT IP address). You need to associate the Internal Networks with an Umbrella Site, Network or tunnel.

If you are not using the VA the NAT ip address would show up in the Cloud.

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎04-02-2024 08:37 AM

@guacamoley the VA will preserve the original client device IP address when the packet is routed to the cloud. This way Umbrella can create policies based on the internal networks.

0 Helpful

Go to solution
guacamoley
Level 1
Level 1
In response to Rob Ingram

‎04-02-2024 08:56 AM

 Got it - A follow up, in that case will the traffic will show up as "Internal Networks" as opposed to the public SNAT of your internet edge?

Go to solution
MHM Cisco World
VIP
VIP
In response to guacamoley

‎04-02-2024 08:59 AM - edited ‎04-02-2024 09:00 AM

Friend there are two IP' the IP of client request DNS and IP used by FW or router to connect to Umbrella' 

The IP used by FW or router is public IP and client IP is private almost.

I.e. the FW or router encapsulate the dns request inside udp packet.

MHM

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to guacamoley

‎04-02-2024 09:16 AM - edited ‎04-02-2024 09:40 AM

@guacamoley yes, if you are using the VA the traffic will show up as the internal network, which would be the client's real IP address (not the FW/router NAT IP address). You need to associate the Internal Networks with an Umbrella Site, Network or tunnel.

If you are not using the VA the NAT ip address would show up in the Cloud.

 

0 Helpful
Customers Also Viewed These Support Documents