Use Cases for SD-WAN Capabilities in Cisco Secure Firewall

Workflow for Configuring Umbrella Auto Tunnel

Updated: February 5, 2026

Overview

Illustrates the end‑to‑end workflow for deploying Cisco Umbrella SASE auto tunnel with Secure Firewall.

The following flowchart illustrates the workflow for configuring the SASE tunnel in Firewall Management Center.

Step	Description
	(Prerequisite) Generate and copy the API keys in Cisco Umbrella. See Map Management Center Umbrella Parameters and Cisco Umbrella API Keys .
	(Prerequisite) Configure the Cisco Umbrella connection. See Configure Cisco Umbrella Connection Settings.
	Create the SASE tunnel and deploy the configuration on threat defense. See Configure a SASE Tunnel for Umbrella.
	Configure a static route. See Configure a Static Route.
	Configure an extended ACL object for DNS and web traffic. See Configure an Extended ACL for DNS and Web Traffic
	Configure a PBR policy for DNS and web traffic. See Configure a PBR Policy for DNS and Web Traffic
	Deploy configuration on the threat Defense device. See Deploy Configuration.
	Verify tunnel deployment. See Verify SASE Umbrella Tunnel Deployment.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.