Configure Advanced Settings
Advanced Settings let you enable various security settings including Umbrella's intelligent proxy, which gives Umbrella the ability to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains. With the intelligent proxy, if a site is considered potentially suspicious or could host malicious content, we'll return the IP address of the intelligent proxy. The request to that domain is then routed through our cloud-based secure gateway, and malicious content is found and stopped before it's sent to you.
Advanced Settings also let you enable SafeSeach, which gives you access to a feature of the major search engines that restricts and filters explicit images and results.
- Navigate to Centralized Settings > Advanced Settings.
- Click Add a Setting or expand an existing advanced setting.
- Give your Advanced Setting a meaningful name and select options:
- Enable Intelligent Proxy—Allows for URL-based malware filtering for domains with legitimate content where some pages may contain malicious files. For more information about the intelligent proxy, and exactly how it works, including key information about enabling HTTPS inspection, see Enable the Intelligent Proxy.
- Enable IP-Layer Enforcement—(Roaming Computer identities only.) Available when the intelligent proxy is enabled. Tunnels suspect IP connections. For more information, see Add IP Layer Enforcement.
- Inspect Files—Available when you enable the intelligent proxy. Inspects files for malicious content hosted on suspicious domains before downloading files. A suspicious domain is one that is neither trusted nor known to be malicious but might potentially pose a threat—in this case, we want to run deeper inspection. Our proxy captures the file, scans it to determine if a threat exists and, if a threat is detected, blocks the file from being downloaded. This can be an explicit download, such as when a user clicks on a link in an email or a download that happens behind the scenes, in so-called 'drive-by download' scenarios. The Umbrella Security Activity and Activity Search reports offer you data on these actions so you can review what Umbrella blocked. For more information about Umbrella's File Inspection feature, see Enable File Inspection.
- SSL Decryption—Available when the intelligent proxy is enabled. Inspects HTTPS traffic. For more information, see SSL Decryption in the Intelligent Proxy.
If you select SSL Decryption, click Download Certificate.
You must download and install the Cisco root certificate. For more information, see Install the Cisco Umbrella Root Certificate. - Enforce SafeSearch—SafeSearch is a feature of the major search engines that restricts and filters explicit images and results. Umbrella provides the ability to enforce traffic to Google, YouTube, and Bing on a per-policy basis. Enabling SafeSearch here enables it in org policies and results in an org's search engine results being free of pornographic and other offensive content. For more information about Umbrella's support of SafeSearch, see Enable SafeSearch.
Logging settings are: - Log All Requests—Full logging, whether for content, security or otherwise.
- Log Only Security Events—Security logging only, which gives your users more privacy. This is a good setting for people with the roaming client installed on personal devices.
- Don't Log Any Requests—Disable all logging. If you select this option, most reporting for identities with this policy will not be helpful as nothing is logged to report on.
- Click Continue.
- Select the organizations with whom you want to share this security setting and click Continue.
When shared with an organization, these settings become available in the org's Umbrella dashboard and can be selected when configuring policies. You can also choose not to share this setting with organizations by clicking Continue without selecting any organizations.
- From the Policy Settings page, choose how you would like to have this advanced setting applied to the Umbrella policies of both your existing organizations and any new organizations you might add. Choose from the following options:
- Set as Default Setting—If selected, this advanced setting will be applied to the default policy of any new organizations. This setting is not applied to the default policy of existing organizations in Umbrella.
Note: You must always have at least one default advanced setting. An advanced setting that has Set as Default Setting selected cannot be deleted until that setting has been de-selected. - Apply to Default Policy—When selected, this advanced setting is applied only to the default Umbrella policy of the organizations you selected in the previous step—Share with Organizations. All other Umbrella policies for the selected organizations remain the same.
- Apply to All Policies—When selected, this advanced setting is applied to all of the Umbrella policies for the organizations you selected in the previous step—Share with Organizations. This includes the selected organizations' default policy.
Note: When you select Apply to all Policies, the next time you access this setting it appears that it has reset to Apply to Default Policy. It has not and your Umbrella policies are not changed. Once configured, to change Apply to All Policies to Apply to Default Policy, you must select Apply to Default Policy and click Save & Close.
- Click Continue.
- Review your advanced settings and click Save & Close.
Each link under Share Summary opens a modal window that lets you view which organizations will share this setting.
Configure Security Settings < Configure Advanced Settings > Manage Centralized Reports
Updated about 1 year ago