Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1101
Views
0
Helpful
6
Replies

Umbrella | URL being blocked despite being whitelisted

Go to solution
anfare
Level 1
Level 1

‎07-03-2024 07:36 AM

I don't understand what is going on here. I have a domain on the enforced whitelist. When I test the policies, the domain is always allowed. But when I try to visit the site, I get "This site is blocked due to content filtering" block page. The diagnostic info isn't very helpful, just lists a Bundle ID and the host is block.opendns.com which doesn't seem helpful. 

Any idea what is going wrong?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
anfare
Level 1
Level 1

‎09-30-2024 01:00 PM

I think this was another instance of me not being aware that there is also a Web Policy enabled that is impacting users. I checked the policy tester for DNS but I don't think I checked the Web policy tester and I think that was what was causing this block. Still not clear on why the allow destination list didn't take precedence, but disabling the web policy along with dns policy seemed to fix the issue.  

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Georg Pauwen
VIP
VIP

‎07-03-2024 07:45 AM

Hello,

which domain is whitelisted ? Chances are that that particular domain fetches content from other sites (which you have not allowed). Try the Google prefetch tool (link below) to identify additional sites that your domain is accessing...

https://support.umbrella.com/hc/en-us/articles/230904008-Guide-to-best-practices-for-allowing-or-blocking-domains-in-Cisco-Umbrella

0 Helpful

Go to solution
anfare
Level 1
Level 1
In response to Georg Pauwen

‎07-03-2024 07:55 AM

Thanks for the reply. I did see that article about watching the HAR for additional domains. The domain in question is intune.microsoft.com and it doesn't call any blocked subdomains, it is being fully blocked for some reason I don't understand despite both microsoft.com and intune.microsoft.com being whitelisted. 

0 Helpful

Go to solution
anfare
Level 1
Level 1

‎07-03-2024 09:59 AM - edited ‎07-03-2024 10:00 AM

I'm seeing this on multiple domains too-very confusing. Here azure is in the whitelist:

Screenshot 2024-07-03 at 12.45.06 PM.png

According to the documentation, you don't need to explicitly add subdomains. The policy tester shows the domain as allowed:

Screenshot 2024-07-03 at 12.33.49 PM.png

Yet when I try to go to a subdomain, I get blocked:

Screenshot 2024-07-03 at 12.31.32 PM.png

And none of these blocks are showing in the Activity Search for some reason despite all policies being set to "Log All Requests":

Screenshot 2024-07-03 at 12.47.54 PM.png

which is making it even harder to diagnose....

 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to anfare

‎07-03-2024 11:02 AM

Hello,

I don't want to give stupid advice and mention the obvious, but check if you have 'Allowed-Only Mode' enabled...

https://docs.umbrella.com/deployment-umbrella/docs/create-and-apply-policies#advanced-settings

0 Helpful

Go to solution
anfare
Level 1
Level 1
In response to Georg Pauwen

‎07-08-2024 07:21 AM

Thanks, always welcome any help/advice, but unfortunately this time it isn't that easy (i.e. allowed-only mode is not enabled). 

0 Helpful

Go to solution
anfare
Level 1
Level 1

‎09-30-2024 01:00 PM

I think this was another instance of me not being aware that there is also a Web Policy enabled that is impacting users. I checked the policy tester for DNS but I don't think I checked the Web policy tester and I think that was what was causing this block. Still not clear on why the allow destination list didn't take precedence, but disabling the web policy along with dns policy seemed to fix the issue.  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card