The Umbrella Deployment Documentation Developer Hub

Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Configure Policies

Before proceeding, if you're unfamiliar with how to configure policies, see Manage Policies.

The information listed here discusses creating on-network versus off-network policies for roaming computers. If you require a single unified policy for Umbrella roaming clients, networks, and other identities for content filtering and security, and you do not require separate permissions for off-network and on-network identities, follow Umbrella's standard procedures for creating policies.

Depending on your organization's IT policies, you may wish to configure separate off-network and on-network content filtering policies. You may also disable "Content Logging", and only record security-related events in your reporting. In so doing, the end user's privacy is maintained while connected at remote locations.

This is simple to do in Umbrella. The trick is to create a policy for the network usage and have it take priority over a similar policy for roaming.

Step 1: Create an on-network policy

Begin by creating the policy you would like to apply to all users—with or without the Umbrella roaming client installed—when they are on one of your local networks.

  1. Navigate to Policies > Management > All Policies and click Add.
  1. Select Networks identities and then click Next.
    Do not select Roaming Computers.
    Note: You can expand an identity type to select individual identities.
  1. In Step 2 of the policy wizard, select the policy features you would like to have apply on-network and then click Next.
    Ensure that you select Enforce Security at the DNS Layer.
  1. Follow the steps of the wizard accepting default settings or make changes as required.
  2. In the final step of the policy wizard, give your policy a name, review your settings and click Save.
    Note: It will take up to 90 seconds for the policy to be applied to your roaming computers.

Step 2: Create an off-network policy

Next, create the policy you would like to apply to all users on their roaming computers when connected outside of your networks.

  1. Navigate to Policies > Management > All Policies and click Add.
    Note: Users will be subjected to the on-network policy if connecting back to one of the networks through a VPN, which will make the computer part of the network again.
  1. In the first step, select all or some roaming computers, but do not select any networks.
  2. Click Next and in the next sections of the Policy wizard choose the content settings and security settings you would like to apply when out of the office. A common business use case is enabling the default security settings but disabling content filtering to maintain user privacy.
  3. Finish the wizard by selecting your desired Block Page Settings and any Bypass Codes or Users you wish to add.
  4. Click Next and in the final step of the policy wizard give your policy a name and click Save.
    It will take up to 90 seconds for the policy to be applied to your roaming computers.

Step 3: Order your policies correctly

Finally, and this is critical, make sure that your policy for networks is listed above your policy for roaming computers. Reorder policies by dragging and dropping them.

When the user is on your network, the network policy takes precedence; however, when the roaming computer is off-network, their roaming policy takes effect instead.

Note: When the user is on your network, the network policy takes precedence; however, when the roaming computer is off-network, their roaming policy takes effect instead.


Verify Operation < Configure Policies > Add IP Layer Enforcement

Configure Policies


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.