Domain Management is used to list domains and IPs that should not be sent directly to Umbrella. These domains will use your local resolvers instead of the Umbrella resolvers. The domain list cannot exceed 5000 entries.
Domains can be applied to all sites, all devices (where "devices" refers specifically to roaming clients & mobile devices), or both. For example, you can apply domains to sites and not devices (or the other way around), so only traffic from sites will use your local resolvers.
- All Sites—"Sites” in Umbrella refer to separate different locations or networks, which do not have a direct connection to another of your locations or networks. To learn more about sites, see Using Umbrella Sites.
- All Devices—Devices in Umbrella refer to roaming clients and mobile devices.
- Navigate to Deployments > Configuration > Domain Management and click Add.
The Internal Domains list should be populated with any domains that should be sent to the local DNS server instead of directly to Umbrella (e.g. intranet.example.com). External Domains and IPs should be populated with destinations that should completely bypass the Umbrella web proxy, where the hosted PAC file or AnyConnect for SWG will send that traffic directly to the internet.
In addition to sites and devices, internal domains are also applied to Roaming Clients (AnyConnect for SWG) and the PAC file for DNS traffic only.
Internal Domains is pre-populated with the .local TLD and all RFC-1918 (private network) reverse DNS address space.
- Name your domain and add a description.
- Click the Applies To drop-down to add sites and devices for this domain. By default, all sites and all devices are selected but can be deselected.
Updated about a year ago