top of page
Writer's pictureDiniz Martins

Umbrella VA

What is Umbrella VA and how it works? 🤔

Umbrella virtual appliances (VAs) are lightweight virtual machines that are compatible with VMWare ESX/ESXi, Windows Hyper-V, and KVM hypervisors and the Microsoft Azure, Google Cloud Platform, and Amazon Web Services cloud platforms. When utilized as conditional DNS forwarders on your network, Umbrella VAs record the internal IP address information of DNS requests for usage in reports, security enforcement, and category filtering policies. Additionally, VAs encrypt and authenticate DNS data for enhanced security.

VAs also enable Active Directory (AD) integration, which expands on the VAs’ functionality to include AD identify information in addition to internal IP address visibility and DNS encryption.


Umbrella Virtual Appliances (VAs) run on the Ubuntu operating system, which is a Linux distribution based on Debian. Not all commands normally available in Linux are available to clients from the VA's "Configuration Mode" command line. Instead, VAs use a restricted shell environment that provides a series of troubleshooting/diagnostic commands as well as configuration commands to change the relevant settings on the VAs.


Note: Two virtual appliances (VAs) are required per Umbrella site. It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.


VAs act as conditional DNS forwarders in your network, intelligently forwarding public DNS queries to Cisco Umbrella's global network, and local DNS queries to your existing local DNS servers and forwarders. Every public DNS query sent to Umbrella is encrypted, authenticated, and includes the client's internal IP address.


The VAs don’t cache DNS records; a DNS record’s TTL set by the authoritative DNS servers is simply respected by the endpoints as normal. The VAs add a seamless and ultra-low latency layer to your local DNS infrastructure.



365 views0 comments

Recent Posts

See All

Understanding CIMC for Cisco ISE

Cisco Integrated Management Controller (CIMC) is a crucial component for managing and monitoring Cisco UCS servers, including those used...

Securing IOS-XE Routing Protocols

Securing the routing information prevents an attacker from introducing false routing information into the network, which could be used as...

Cisco Duo Log Sync (DLS)

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different...

Programming and IT solutions guide on STENGE.info blog
Cybersecurity and Networking tutorials on STENGE.info
IT infrastructure solutions and technology tutorials
STENGE.info logo - Tech Blog for IT Solutions and Tutorials
bottom of page