05-25-2023 05:24 AM
Hi Community,
I have a issue with the Cisco Umbrella, we have for most of our company the access to Social Media block, the only exception is a group in AD that allows members to access them ,this group is also link to a policy inside Umbrella that blocks some categories but not Social Media, when we try to access to a page ( for example facebook.com ) it appears our usual block screen saying that the page is block by Cisco Umbrella, by doing a quick tracert to facebook.com we saw that the last entry was hit-adult.opendns.com, so we also remove the adult category from the block list but still we cant access it , we also try to create a allow list with only social media but the result was the same.
Note ( AD is Linked to Umbrella )
06-14-2023 02:56 AM
First of all, we need to know:
As far as I understood, please, correct me if I am wrong, the issue is: The policy to allow that AD group to access social media is not being matched, instead, the access is being blocked.
Let’s narrow it down. Please, take a test device with an AD user belonging to that AD group to run some tests:
- Create a test policy and place it at the top, add as identity your test user and the AD group, don’t configure anything else, and leave all blank like in the screenshots:
Save it and try to access facebook.com, please, send me a screenshot of the results and the reports. Also, please, check with the policy tester if the results are the same. I mostly would like to see if the AD user/group is being cached and matched by Umbrella.
- access to https://policy-debug.checkumbrella.com/ please, send me these screenshots for your case:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide