Cisco Meraki

Meraki Umbrella SDWAN Connector Troubleshooting Guide

Overview 

Integrating Umbrella SIG (Secure Internet Gateway) with Meraki MX connects the Meraki SD-WAN fabric to Umbrella cloud security services. This solution reduces the complexity of securing the network WAN edge. Umbrella's unified cloud platform simplifies managing and designing security policies for all sites within the Meraki SD-WAN fabric.

Umbrella SIG is a cloud-based security solution designed for remote sites. This deployment guide outlines how to configure and deploy the Umbrella-SIG connector establishing an Auto VPN connection from a Meraki MX Security and SD-WAN appliance to the Umbrella cloud. Umbrella's SIG provides centralized management for security so that network administrators do not have to separately manage security settings for each branch. All internet-bound traffic will be forwarded to Umbrella SIG through an Auto VPN tunnel to the UMB-SIG device in the Umbrella cloud for inspection and filtering. 

Troubleshooting 

UMB-SIG Deployed but not Checking in to Dashboard 

A UMB-SIG device will typically take between 3 and 5 minutes to check in to the dashboard. If one of the UMB-SIG devices in a new deployment is not checking in to the dashboard and it has been more than 10 minutes since deployment, please try deleting the SIG deployment (both primary and secondary) using the cloud on-ramps page, wait 5 minutes, and then deploy again. If either of the new UMB-SIG devices does not check in, please contact Umbrella support.

Auto-VPN Tunnels not Establishing 

If the vMX is online in the dashboard but Auto-VPN is not established between the vMX and the branch sites, please ensure there is no firewall in front of the branch site that could be blocking the tunnel establishment.

For further Auto-VPN troubleshooting, please refer to this document.

No eBGP Session Established to NNI 

If the vMX is online and Auto-VPN is established to the branch but the eBGP peering is not establishing between the vMX and the NNI (see diagram at top of this KB), take a packet capture on the uplink of the vMX and filter for the BGP peer IP to ensure there is successful bi-directional communication and no errors in the BGP message exchange.

Please refer to this document for further BGP troubleshooting.  
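The check described above can be scripted once the capture has been reduced to TCP payloads on port 179. The following is an added example, not Meraki or Umbrella tooling: it parses the RFC 4271 BGP header, confirms that messages were seen in both directions between the vMX and the peer, and reports any NOTIFICATION messages. The function names, the (source, destination, payload) tuple format and the sample addresses are assumptions made for illustration.

```python
import struct

BGP_MARKER = b"\xff" * 16
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
ERROR_CODES = {1: "Message Header Error", 2: "OPEN Message Error",
               3: "UPDATE Message Error", 4: "Hold Timer Expired",
               5: "Finite State Machine Error", 6: "Cease"}

def parse_bgp(payload):
    """Split one TCP payload into (type_name, body) BGP messages (RFC 4271 header)."""
    msgs, off = [], 0
    while off + 19 <= len(payload):
        marker, length, mtype = struct.unpack_from("!16sHB", payload, off)
        if marker != BGP_MARKER or not 19 <= length <= 4096:
            raise ValueError(f"bad BGP header at offset {off}")
        if off + length > len(payload):
            break  # message continues in the next TCP segment
        msgs.append((MSG_TYPES.get(mtype, f"TYPE{mtype}"), payload[off + 19:off + length]))
        off += length
    return msgs

def check_session(segments, local_ip, peer_ip):
    """Summarise a capture: which directions carried BGP, and any NOTIFICATIONs."""
    seen = {"local_to_peer": [], "peer_to_local": []}
    notifications = []
    for src, dst, payload in segments:
        if {src, dst} != {local_ip, peer_ip}:
            continue  # same effect as filtering the capture on the peer IP
        direction = "local_to_peer" if src == local_ip else "peer_to_local"
        for name, body in parse_bgp(payload):
            seen[direction].append(name)
            if name == "NOTIFICATION" and len(body) >= 2:
                # (sender, error code name, error subcode)
                notifications.append((src, ERROR_CODES.get(body[0], "Unknown"), body[1]))
    return {"bidirectional": all(seen.values()), "seen": seen,
            "notifications": notifications}

def bgp_msg(mtype, body=b""):
    """Build a BGP message for the constructed sample below."""
    return BGP_MARKER + struct.pack("!HB", 19 + len(body), mtype) + body

# Constructed sample using documentation addresses, not taken from a real capture.
VMX, NNI = "192.0.2.10", "198.51.100.1"
SAMPLE = [
    (VMX, NNI, bgp_msg(1, bytes.fromhex("04fde8005ac000020a00"))),  # OPEN, AS 65000
    (NNI, VMX, bgp_msg(3, bytes([2, 2]))),  # NOTIFICATION: OPEN error, Bad Peer AS
    ("203.0.113.5", VMX, b"not bgp"),       # unrelated host, ignored
]

if __name__ == "__main__":
    print(check_session(SAMPLE, VMX, NNI))
```

A NOTIFICATION from the peer right after the local OPEN, as in the sample, means packets are flowing in both directions but the session parameters are being rejected, which points to configuration rather than reachability.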

Client Traffic Egressing vMX in to Umbrella but no Response 

<check NNI API for SIG tunnel status>

Engaging with Umbrella Support

If a customer creates an email case or calls in and is having issues with the UMB-SIG integration...

 

Open Umbrella Support Case

To open an Umbrella Support case on behalf of the customer, send an email from the Meraki Support case in SFDC in the following format:

If, for whatever reason, you need to follow up on or escalate a ticket that has been opened, please email the umbrella-escalations@cisco.com mailer, which includes support managers and team leads. Include the case number and reason for reaching out. This address is internal only and should not be given to customers, so you will need to email from a @cisco.com account.

If there is a sev 1 issue or other emergency and you need to reach Umbrella support via phone, you can use this number: 877.265.7077. Identify yourself as a member of the Meraki Support team. This number should not be given to customers. If a customer does have a phone support package with Umbrella, they will be able to view this number via the phone icon in the upper right corner of their Umbrella dashboard.

 

Note: The Umbrella Support team may also reach out to us via email/phone to hand over cases. When engaging Meraki Support, Umbrella should be providing the following information:

Low severity tickets will be submitted via email. For high severity issues, Umbrella Support will dial into our general Support Hotline.

 
