Cisco Secure Access
Cloud-delivered SSE platform with ZTNA, SWG, CASB, and DLP for securing hybrid workforces from a single console.
Firewall-as-a-Service for the Modern Enterprise
Web proxies and DNS security cover HTTP and HTTPS traffic, but organizations need visibility and control over all network traffic. Cisco Umbrella’s cloud firewall logs and inspects every connection across all ports and protocols — giving security teams a complete picture of what’s leaving the network and the ability to enforce policies without deploying hardware at every branch or remote location.
Cloud-Native Firewall Without the Hardware
The Cisco Umbrella cloud firewall is built into the same Umbrella platform that delivers DNS security, SWG, and CASB. Traffic forwarded to Umbrella via IPSec tunnel is inspected at Layer 3/4 and Layer 7 before being allowed to proceed — enforcing firewall policies for all TCP/UDP traffic from any office, branch, or remote worker.
- Full logging of all TCP and UDP connections across every port
- IP-layer (Layer 3/4) firewall rules for network-level control
- Application-aware (Layer 7) policies for granular control of specific apps
- Intrusion prevention system (IPS) rules for threat detection
- Delivered from Cisco’s global Anycast network for low-latency enforcement
Application Intelligence
Application-Layer Visibility and Control
Layer 3/4 firewall rules control traffic by IP and port. But many modern applications use common ports like 443 or 80, making it impossible to distinguish them without deeper inspection. Umbrella’s cloud firewall recognizes 2,800+ non-web applications using network-based application recognition (NBAR) at Layer 7, giving you the ability to allow, block, or rate-limit specific applications regardless of the port they use.
- Identify and control cloud apps, SaaS traffic, and custom applications
- Block file sharing apps while allowing collaboration tools on the same port
- Application logs feed directly into Umbrella’s unified reporting dashboard
SaaS & Cloud Apps
Identify and manage traffic from cloud applications sharing common ports.
Granular App Control
Block or allow specific applications regardless of the port they use.
Layer 7 Inspection
Deep packet inspection identifies apps by behavior, not just port numbers.
Unified Reporting
Application logs feed into the same dashboard as DNS and web security events.
Scales Automatically with Your Business
Traditional hardware firewalls require capacity planning, appliance procurement, and on-site installation at every location. Cisco Umbrella’s cloud firewall scales instantly as your organization grows — adding users, locations, and traffic without any infrastructure changes.
Consistent Performance
Cisco’s Anycast network spans data centers worldwide, routing traffic to the nearest enforcement point. Users experience low-latency firewall inspection regardless of their location or the time of day.
Elastic Capacity
Traffic spikes, acquisitions, or rapid workforce growth don’t require hardware upgrades or capacity planning. The cloud firewall scales instantly to handle any volume of connections without performance degradation.
Simple Policy Management
Manage all firewall rules, application controls, and IPS policies from the same Umbrella dashboard used for DNS and web security. One platform, one policy engine, one place to investigate threats.
Intrusion Prevention
IPS Rules for Network Threat Detection
The Umbrella cloud firewall includes an integrated intrusion prevention system based on SNORT 3 technology and powered by Cisco Talos intelligence. With 40,000+ signatures from Cisco Talos, IPS rules inspect all forwarded traffic for known attack signatures, exploit attempts, and suspicious network behavior — blocking threats that pass DNS and web controls by operating on non-HTTP traffic.
- Talos-maintained IPS signatures updated continuously
- Detects lateral movement, command-and-control, and exploit attempts
- IPS events integrated with DNS and web threat logs in unified reporting
SASE Architecture
A Key Component of Your SASE Strategy
Cisco Umbrella’s cloud firewall is one of five integrated cloud security services that form the foundation of Cisco’s SASE architecture. Combined with SD-WAN, organizations get full network security enforcement at the cloud edge — replacing the traditional hub-and-spoke model with direct, secure cloud connectivity from every location.
Explore Cisco SASECloud Firewall
All-port, all-protocol inspection with Layer 7 app control and IPS.
Secure Web Gateway
Full proxy inspection for web traffic with URL filtering and malware scanning.
DNS Security
Block threats at the DNS layer before a connection is ever established.
SD-WAN Integration
Direct cloud connectivity from every branch with unified policy enforcement.
The Next Evolution
Cisco Umbrella Is Evolving to Cisco Secure Access
Building on Cisco Umbrella’s proven security with more than 30,000 customers globally, Cisco Secure Access delivers an intuitive user experience, simplified IT management, and powerful new capabilities — for the same price.
Explore Cisco Secure AccessExtend Firewall Protection to Every Location Without Hardware
Our Cisco-certified team will help you deploy Umbrella cloud firewall across your organization, configure IPS policies, and integrate with your existing SD-WAN or routing infrastructure for full traffic coverage.
- Layer 3/4 and Layer 7 inspection for all TCP/UDP traffic
- IPS rules powered by Cisco Talos intelligence
- Scales instantly — no hardware procurement or capacity planning
- Response from a certified Cisco specialist within one business day