Free Delivery!
Buy Meraki from Cloudifi, Inc.  1-888-902-2276

Cisco Meraki and Umbrella Integration on MX and MR

There are two ways that the Cisco Umbrella DNS service can be integrated with a Cisco Meraki network. 

1) Meraki MX Integration with an existing (or new) Cisco Umbrella DNS subscription

and / or

2) Meraki MR Advanced + Upgrade Licences with Cisco Umbrella integration 

1) Meraki MX

Integrating the Meraki dashboard and Umbrella DNS allows clients connected behind Meraki security appliances or access points to have their DNS traffic filtered through Cisco's Umbrella DNS service. 

This integration allows administrators to easily apply and modify DNS-based filtering rules to multiple groups of clients on their network by simply assigning a filtering policy to a specific Meraki group policy or SSID.

Once assigned, all DNS requests from clients included under that policy will be automatically redirected to Cisco's Umbrella DNS service where it will be checked against the appropriate policy configured for the Network Device in the Umbrella dashboard.

There are specific instructions on how to Integrate the MX with an Umbrella subscription and this requires a specific firmware version on the MX.  For more information see you can read about it here.

Reach out to us if you'd like a quote for a Cisco Umbrella Subscription that you can use with your Meraki MX Security Appliance, its a relatively inexpensive way to easily improve the security of your network and a must have in today's world!

2) Meraki MR 

The Meraki MR Advanced + Upgrade Licenses with Cisco Umbrella integration enables Meraki administrators to assign predefined Umbrella content filtering and security policies to an SSID or Group Policy directly from the dashboard and removes the need to integrate with an existing Umbrella dashboard or Umbrella account.

Once Umbrella policies are assigned, all DNS requests from wireless clients will be intercepted by the upstream MR access point and redirected to Cisco's Umbrella DNS resolvers for evaluation. That DNS lookup either resolves successfully, allowing the client to connect to the requested web page, or gets blocked which redirects the client to an Umbrella block page.

In order to use the new MR Advanced & Upgrade License Umbrella integration the following prerequisites have to be met:

  • The organization where the integration will be used must have the Meraki Per-Device Licensing (PDL) model enabled. 

  • Each network using the integration must have a valid MR Advanced or MR Upgrade + device (Enterprise) license assigned for every access point.

  • All access points in the dashboard network must be running MR 26.1+ firmware.

There are two types of MR licenses that can enable the Meraki Umbrella integration: MR Advanced and MR Upgrade license. 

  • The MR Advanced license includes a device (Enterprise) license for an MR access point itself in addition to the Umbrella add-on license which enables Umbrella functionality on that access point. This license is generally purchased for licensing a new MR access point that does not already have a license.
  • The MR Upgrade license is considered an add-on license and enables Umbrella functionality only. It can only be assigned to MR access points with an active device (Enterprise) license. This license is generally purchased for MR access points that already have a basic enterprise license (not enabled for Umbrella).

Andrew Wilmot
Andrew Wilmot

Author