Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1498
Views
0
Helpful
1
Replies

Umbrella Block/Allow list and AD issues

Dawn C
Level 1
Level 1

‎07-19-2022 11:40 AM - edited ‎07-20-2022 11:35 AM

Hello fellow geeks. We are setting up Cisco Umbrella for our school district this year and have run into a snag.

We have the VA's and Connectors set up. It is pulling in all of our AD groups and users as it should. I have set up different policies and block/allow lists based on our user groups. When I run the policy tester against those AD groups it shows the correct policy is applied. In general Umbrella is working and filtering traffic.

My problem is that I still have to add Allowed websites to the Global Allow list for access to happen no matter what other Destination List is applied to the policy.

For example I have an Admin policy created. In that policy we have AD admin user group added in for the Identity and an Admin Allow/block list created and applied to the Admin Policy.

If I add an allowed site to the Admin Allow List the site will not go through even when the policy tester reads it should. I can only get the site to work if I add it in to the Global list. This will be an issue as we don't want everyone to access every site we may need to allow. 

Can anyone shed some light on what I might be doing wrong with the Destination List enforcement?

UPDATE: We have this working properly now.

3 people had this problem
Labels:
0 Helpful
1 Reply 1

adamwin
Cisco Employee
Cisco Employee

‎07-22-2022 04:14 PM - edited ‎07-22-2022 04:14 PM

Glad to hear you got it working!

0 Helpful
Customers Also Viewed These Support Documents