Meddane

Cisco Umbrella is making big changes, with additional features and components. You now have two separate policies: the DNS Policy and a new policy called the Web Policy.

So what policy should you use?

In my opinion, there is a consideration when using DNS Policies and Web Policies.

1. DNS Policies will apply for non-browser traffic.

2. Web browsers may be configured in a way that no DNS request is made from the client, for example when using an explicit proxy. In this case only the Web Policy will be applied.

A DNS Request is made before the HTTP Request.

If a DNS request is blocked, it will remain blocked even if it is allowed on the Web Policy.

If the DNS request is allowed by the DNS Policy but the web request is blocked by the Web Policy, the requests for the page will fail and a block page will be served.
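The precedence rules above can be written as a small model, which also gives a way to audit for Web Policy allow entries that a DNS Policy block overrides. This is an added example, not Cisco's code or the Umbrella API: the names `Flow`, `effective_verdict` and `shadowed_web_allows`, the default-allow for unlisted domains, and the sample policies are all assumptions made for illustration.

```python
# Added example: models only the precedence rules stated in the post.
# Names and sample data are hypothetical; this is not the Umbrella API.
from dataclasses import dataclass

ALLOW, BLOCK = "allow", "block"

@dataclass(frozen=True)
class Flow:
    domain: str
    client_resolves_dns: bool   # False e.g. when an explicit proxy is used
    makes_http_request: bool    # False for traffic that is not HTTP/HTTPS

def effective_verdict(flow, dns_policy, web_policy):
    """Return (verdict, deciding_policy) for one flow.

    Assumption: a domain missing from a policy is allowed by it.
    """
    # The DNS request is made before the HTTP request; a DNS block is final.
    if flow.client_resolves_dns and dns_policy.get(flow.domain, ALLOW) == BLOCK:
        return BLOCK, "dns"
    # Only an HTTP request can be evaluated by the Web Policy.
    if flow.makes_http_request:
        return web_policy.get(flow.domain, ALLOW), "web"
    return ALLOW, "dns" if flow.client_resolves_dns else "none"

def shadowed_web_allows(dns_policy, web_policy):
    """Web Policy allow entries that a DNS Policy block overrides.

    These take effect only for clients that make no DNS request, so
    enforcement differs between proxied and non-proxied clients.
    """
    return sorted(d for d, v in web_policy.items()
                  if v == ALLOW and dns_policy.get(d) == BLOCK)

# Constructed sample policies (not taken from any real deployment).
DNS_POLICY = {"files.example": BLOCK, "news.example": ALLOW}
WEB_POLICY = {"files.example": ALLOW, "news.example": BLOCK}

if __name__ == "__main__":
    flows = [
        Flow("files.example", True, True),    # browser, normal DNS lookup
        Flow("files.example", False, True),   # browser behind explicit proxy
        Flow("news.example", True, True),     # DNS allows, web blocks
        Flow("news.example", True, False),    # non-HTTP traffic
    ]
    for f in flows:
        print(f, "->", effective_verdict(f, DNS_POLICY, WEB_POLICY))
    print("shadowed allows:", shadowed_web_allows(DNS_POLICY, WEB_POLICY))
```

In the sample data, `files.example` is blocked for a client that resolves DNS itself but allowed for a client behind an explicit proxy, which is the kind of inconsistency the audit function reports.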

If you are familiar with the Cisco Umbrella solution, you know that the DNS Policy has the traditional SSL Decryption and File Inspection. The new Web Policy also has HTTPS Inspection and File Inspection.

But what is the difference between the SSL Decryption in the DNS Policy and the HTTPS Inspection in the Web Policy?

When File Inspection is enabled for either the DNS or Web policy, File Inspection inspects files through Cisco Advanced Malware Protection (AMP) and Umbrella's antivirus.

If files are not blocked through File Inspection and are unknown to AMP file reputation or Umbrella's antivirus (AV), Cisco Umbrella can submit these unknown files to Threat Grid sandboxing.

Threat Grid Malware Analysis is available only in the Web Policy.


Comments

Any update on this? Keen on knowing how the two components affect each other.
