The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find our comprehensive guides designed to help you use with Cisco Umbrella.

Get Started    

Manage Policies

Policies are the heart of Umbrella and define how security and access controls are applied to identities. Through policies, you determine whether traffic is inspected and either blocked or allowed.

Packages and Feature Availability

Various features of the policy wizard explained here are not available to all Umbrella packages. If you encounter a feature described here that you do not have access to, contact your sales representative for more information about your current package. See also, Cisco Umbrella Packages.

You can have more than one policy and your identities can be added to any number of policies. However, Umbrella applies the first matching policy to your identity and immediately stops evaluating policies. If no matching policy is found, Umbrella applies the Default policy. Because of the way Umbrella evaluates identities against policies, it's important that you configure policies correctly for each of your organization's identities. An error in configuration may result in unintended results: identities being left unprotected to various threats or users accessing destinations you may want blocked. Plan and design your policies before you build them. For some helpful suggestions, see Best Practices for Policy Creation

There is always at least one policy—the Default policy. This default policy applies to all identities and cannot be deleted—you can, however, configure it to meet your organization's unique requirements. The default policy is applied to an identity when no other policy matches that identity. Thus, the Default policy is a catch-all to ensure that all identities within your organization receive at least a minimum of Umbrella protection.

When accessing Umbrella's policies page, there's always at least one policy—the Default policy. This policy applies to all identities and cannot be deleted—you can, however, change it to meet your organization's unique requirements. The Default policy is applied to an identity when no other policy matches that identity. Thus, the Default policy is a catch-all to ensure that all identities within your organization receive at least a minimum of Umbrella protection.

You can have more than one policy and your identities can be added to any number of policies. However, Umbrella applies the first matching policy to your identity and immediately stops evaluating policies. If no matching policy is found, Umbrella applies the Default policy. Because of the way Umbrella evaluates identities against policies, it's important that you configure policies correctly for each of your organization's identities. An error in configuration may result in unintended results: identities being left unprotected to various threats or users accessing destinations you may want blocked. Plan and design your policies before you build them. For some helpful suggestions, see Best Practices for Policy Creation

There is always at least one policy—the Default policy. This default policy applies to all identities and cannot be deleted—you can, however, configure it to meet your organization's unique requirements. The default policy is applied to an identity when no other policy matches that identity. Thus, the Default policy is a catch-all to ensure that all identities within your organization receive at least a minimum of Umbrella protection.

Policy Creation Basics

You create policies through the Policy wizard, which is made up of two parts. In the first part of the wizard, you select the identities to which the policy applies and select which components should be enabled and configured for the policy. In the second part of the wizard, you configure each component of the policy that was selected in part one of the wizard. These components are made available as steps in the wizard. Once the new policy is saved, it may take upwards of five minutes for the policy to replicate through Umbrella’s global infrastructure and start taking effect.

The Policy wizard includes many and varied access control and security-related components for you to consider when defining policies for your identities.

  • Security Settings—Allows you to select which security threat categories Umbrella blocks. For example, malware.
  • Content Categories—Allows you to block access to categories of websites—groupings of sites with similarly-themed content. For example, sports, gambling, or astrology.
  • Application Settings—Allows you to block access to specific applications. For example, Netflix, Facebook, or Amazon.
  • Destination Lists—Allows you to create a unique list of destinations (for example, domain name or URL) to which you can block or allow access.
  • Block Pages—Allows you to configure the web page users see when an attempt is made to reach a blocked destination.
    Note: Depending on the policy type (DNS or Web), some destination types may or may not be supported by the policy.
  • File Inspection—Scan and inspect files for malicious content hosted on risky domains before those files are downloaded.

Point Your DNS to Cisco Umbrella < Manage Policies > Add a Policy

Manage Policies


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.