Cisco ASA with Firepower Services Setup Guide, part four: how to use Umbrella DNS.
Using Umbrella DNS
As the administrator of a Cisco ASA, you can connect to the free and fast Cisco Umbrella global network DNS service, which offers you visibility into all Internet traffic originating from your ASA and results in a faster Internet experience for your users. If you then want to add an additional layer of DNS security to your ASA, the easy-to-establish connection to Umbrella enables you to access our free trial, which you can set up (by yourself) in less than five minutes.
1. Setting Up Umbrella
Launch the Cisco ASDM and configure internal DNS servers to use Umbrella as their DNS forwarders.
Step 1. Launch ASDM and click [Configuration].

MEMO: If you are using a DNS forwarder as the primary DNS server for your network, update the server to use the Umbrella IP addresses of 220.127.116.11 and 18.104.22.168. If you’re not certain whether you have a DNS forwarder on your ASA or DNS server, the best way to determine what needs to be changed is to see what device is being used as the DNS server for client workstations that are receiving DHCP from the network. This information is typically in the DNS section of the network adapter settings on the client workstation.

Step 2. Click [Device Management].
Step 3. Click [DHCP].
Step 4. Click [DHCP Server].
Step 5. Click [Edit].
Step 6. Enter “22.214.171.124” in the [DNS Server 1] field.
Step 7. Enter “126.96.36.199” in the [DNS Server 2] field.
Step 8. Click [Apply].
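The MEMO above suggests checking which DNS server client workstations actually receive over DHCP. The following is an added example, not part of the original guide or any Cisco tooling: it parses English-language `ipconfig /all` output from a Windows client and reports adapters whose resolvers are not in the expected set. The function names are hypothetical, the sample output is constructed, and the documentation-range addresses stand in for whatever you entered in [DNS Server 1] and [DNS Server 2].

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output. Addresses come from the
# RFC 5737 documentation ranges; they are stand-ins, not real resolvers.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet0:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.0.2.1
   DNS Servers . . . . . . . . . . . : 198.51.100.10
                                       198.51.100.11
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

def _as_ip(text):
    """Return a normalized IP string, or None if text is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, collecting = {}, None, False
    for line in ipconfig_text.splitlines():
        # Adapter headings start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, collecting = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        # Extra servers follow on indented lines holding only an address.
        candidate = m.group(1) if m else (line if collecting else "")
        ip = _as_ip(candidate)
        collecting = ip is not None and current is not None
        if collecting:
            adapters[current].append(ip)
    return adapters

def unexpected_resolvers(ipconfig_text, expected):
    """Return {adapter: [servers]} for resolvers outside the expected set."""
    allowed = {_as_ip(e) for e in expected}
    found = dns_servers_by_adapter(ipconfig_text)
    extra = {a: [s for s in srv if s not in allowed] for a, srv in found.items()}
    return {a: s for a, s in extra.items() if s}
```

An empty result from `unexpected_resolvers` means every adapter on that client is using only the resolvers handed out by the ASA DHCP server; any entry it returns is an adapter whose DNS queries would not pass through the configured forwarders.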
2. Signing Up for Umbrella
Once you’ve configured your Cisco ASA to point to Cisco Umbrella, you can sign up for either a free premium DNS account or a free 14-day trial of Umbrella.
- Free Premium DNS (https://signup.opendns.com/premiumdns): We offer a free, fast recursive DNS service which gives you visibility into all of your Internet traffic originating from your ASA device.
- Free Umbrella 14-Day Trial (https://signup.opendns.com/freetrial): If you want to add an additional layer of DNS security to your ASA, try our free trial; you can set it up yourself in less than five minutes, no credit card or phone call required.
The trial includes:
- Threat protection like no other: block malware, C2 callbacks, and phishing.
- Predictive Intelligence: automates threat protection to detect attacks before they are launched.
- Worldwide Coverage, Fast: no hardware to install or software to maintain.
- Weekly security report: get a personalized summary of malware requests & more, directly to your inbox.
Most Next-Generation Firewalls (NGFWs) reduce risk by providing access control over applications and users. But they don’t eliminate threats because attackers can still exploit open web connections and approved applications. For superior protection, an NGFW must be able to provide deep visibility into and across the network, apply intelligent automation to identify threats, adapt protections to a dynamic network environment, and quickly scope and recover from attacks to minimize damage. Cisco ASA with Firepower Services delivers all of those capabilities, so upgrade to Cisco’s newest NGFW today and protect your high-value digital assets.
| Feature | Typical NGFW | Cisco ASA with Firepower Services |
|---|---|---|
| NSS Breach Detection and NGIPS Leadership Position Reports | Partial or Not Available | Superior |
| Reputation-Based Proactive Protection | Not Available | Superior |
| Intelligent Security Automation | Not Available | Superior |
| File Reputation, File Trajectory, Retrospective Analysis | Not Available | Superior |
| Application Visibility and Control (AVC) | Available | Superior |
| AMP and NGIPS in a Single Device | Limited | Superior |
| Threat Feeds Updated Daily from Security Intelligence to Provide Timely Threat Detection Capability | Limited | Superior |

| Legacy Models | FW + AVC | FW + AVC + IPS | Current Models | FW + AVC | FW + AVC + IPS |
|---|---|---|---|---|---|
| Cisco ASA 5505 | － | － | Cisco ASA 5506-X | 250 Mbps | 125 Mbps |
| Cisco ASA 5510 | － | － | Cisco ASA 5508-X | 450 Mbps | 250 Mbps |
| Cisco ASA 5512 | 300 Mbps | 150 Mbps | Cisco ASA 5516-X | 850 Mbps | 450 Mbps |
| Cisco ASA 5515-X | 500 Mbps | 250 Mbps | Cisco ASA 5516-X | 850 Mbps | 450 Mbps |