Cisco Umbrella denying access to Social Media

RandomZer0
Level 1

Hi Community,

 

I have an issue with Cisco Umbrella. For most of our company, access to Social Media is blocked; the only exception is a group in AD that allows members to access them. This group is also linked to a policy inside Umbrella that blocks some categories but not Social Media. When we try to access a page (for example facebook.com), our usual block screen appears saying that the page is blocked by Cisco Umbrella. By doing a quick tracert to facebook.com, we saw that the last entry was hit-adult.opendns.com, so we also removed the adult category from the block list, but we still can't access it. We also tried to create an allow list with only social media, but the result was the same.

Note (AD is linked to Umbrella)

1 Reply

aaragonb
Cisco Employee

First of all, we need to know:

  1. Do you have Umbrella DNS protection only, or do you have the Umbrella proxy as well, or any other proxy?
  2. Do you have the DNS policy only, or also the web policy?
  3. Is this behavior happening on-network, remotely, or both?
  4. What Umbrella deployment are you using: AnyConnect, standalone roaming client, Virtual Appliances…?
  5. How does the traffic flow? For instance: off-network laptop with roaming client (no VPN) -> Umbrella or, as another example, on-network laptop without roaming client -> VA -> Umbrella

As far as I understand (please correct me if I am wrong), the issue is: the policy to allow that AD group to access social media is not being matched; instead, access is being blocked.

Let’s narrow it down. Please take a test device with an AD user belonging to that AD group and run some tests:

- Create a test policy and place it at the top. Add your test user and the AD group as identities, don’t configure anything else, and leave everything blank, as in the screenshots:

aaragonb_0-1686735652355.png

 

aaragonb_1-1686735660200.png

Save it and try to access facebook.com. Please send me a screenshot of the results and the reports. Also, please check with the policy tester whether the results are the same. I would mostly like to see if the AD user/group is being cached and matched by Umbrella.

- Access https://policy-debug.checkumbrella.com/ and please send me these screenshots for your case:

aaragonb_2-1686736201620.png

aaragonb_3-1686736373340.png