https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4386140#M1107 <P>The <A href="http://www.ciscoprep.com/p/350-601-implementing-and-operating.html" target="_blank" rel="noopener">intelligent proxy</A> is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access while also posing a risk because of the possibility of hosting malware. Administrators don't want to block access to the whole "grey" domain for everyone but they also don't want your users to access files that could harm their computers or compromise company data.</P><P><A href="https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy" target="_blank" rel="noopener">https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy</A></P> Tue, 13 Apr 2021 12:25:21 GMT ameliascotts80938 2021-04-13T12:25:21Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292324#M1075 <P>Hello ,&nbsp;</P><P>&nbsp;</P><P>I have an ASA cluster in AWS .</P><P>&nbsp;</P><P>I have the roaming client on all my any connect users.</P><P>&nbsp;</P><P>I am seeing a strange behaviour . Wheneevrr users are connected to any connect , umbrella is proxing many websites which it is not when users are not on anyconnect.</P><P>&nbsp;</P><P>Like gitlab etc .</P><P>&nbsp;</P><P>Is it normal or how to make both work same&nbsp;</P> Tue, 16 Feb 2021 11:37:56 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292324#M1075 skywalker_007 2021-02-16T11:37:56Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292328#M1076 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1146484">@skywalker_007</a>&nbsp;</P> <P>Do you have a different policy rule for "Roaming Computers" compared to when they are not connected? If there are different policies with different rules that could explain it. Which license do you have?</P> <P>&nbsp;</P> Tue, 16 Feb 2021 11:49:49 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292328#M1076 Rob Ingram 2021-02-16T11:49:49Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292330#M1077 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp; we have dns advantage.</P><P>&nbsp;</P><P>You mean different&nbsp; security rule in umbrella or ASAv ?</P> Tue, 16 Feb 2021 11:54:26 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292330#M1077 skywalker_007 2021-02-16T11:54:26Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292332#M1078 <P>Yes, Umbrella policy.</P> Tue, 16 Feb 2021 11:59:24 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292332#M1078 Rob Ingram 2021-02-16T11:59:24Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292539#M1079 <P>Hi Rob,</P><P>&nbsp;</P><P>There is no difference except we block some extra categories like gamble , lottery etc.</P><P>&nbsp;</P><P>Does this make difference ?</P> Tue, 16 Feb 2021 16:31:55 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292539#M1079 skywalker_007 2021-02-16T16:31:55Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292901#M1081 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;Not able to figure out why there is a difference</P> Wed, 17 Feb 2021 08:40:03 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4292901#M1081 skywalker_007 2021-02-17T08:40:03Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4293150#M1084 <P>Anyone ? We have two policies - one is vpn and other is default .</P><P>In vpn policy , we are blocking more like gambling etc .</P><P>&nbsp;</P><P>But some websites are being proxies while connected to vpn but not when not connected.</P><P>&nbsp;</P><P>This is a strange behaviour . Don't think so related to policy.</P><P>&nbsp;</P><P>Could be because of intelligent proxy or certificate ?</P><P>&nbsp;</P><P>Or chaining ?</P><P>&nbsp;</P><P>When connected to ASAv , the request goes to asa in AWS cloud .but we have already added the public IP of asa as known ip in umbrella.</P><P>&nbsp;</P><P>The issue is proxying</P><P>&nbsp;</P> Wed, 17 Feb 2021 16:01:59 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4293150#M1084 skywalker_007 2021-02-17T16:01:59Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4293181#M1085 <P>as we are using full tunnel , can we enable the below option on umbrella&nbsp;</P><P>&nbsp;</P><P>Disable umbrella module on Anyconnect full tunnel vpn</P> Wed, 17 Feb 2021 17:01:59 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4293181#M1085 skywalker_007 2021-02-17T17:01:59Z https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4386140#M1107 <P>The <A href="http://www.ciscoprep.com/p/350-601-implementing-and-operating.html" target="_blank" rel="noopener">intelligent proxy</A> is the ability for Umbrella to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access while also posing a risk because of the possibility of hosting malware. Administrators don't want to block access to the whole "grey" domain for everyone but they also don't want your users to access files that could harm their computers or compromise company data.</P><P><A href="https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy" target="_blank" rel="noopener">https://docs.umbrella.com/deployment-umbrella/docs/what-is-the-intelligent-proxy</A></P> Tue, 13 Apr 2021 12:25:21 GMT https://community.cisco.com/t5/cloud-security/umbrella-proxying/m-p/4386140#M1107 ameliascotts80938 2021-04-13T12:25:21Z