When enabled, Cisco Umbrella's intelligent proxy intercepts and proxies requests for malicious files embedded within certain so-called "grey" domains. You enable and disable the intelligent proxy when first creating a policy and, once configured, from the Policy Summary page.
Note: The intelligent proxy and related features are only available for customers with the Umbrella Insights or Umbrella Platform packages. For more information about packages, see Umbrella Package Comparison. Contact your Cisco account representative with any questions.
Wait, what's a proxy?
A proxy is just a step between your computer or mobile device and the internet. It intercepts requests to internet content, inspects them and if it doesn't find a problem, allows access. However, if there's a security threat posed by the content the computer or mobile device is trying to access, the proxy blocks access to it. This quickly and easily protects you without the threat ever coming near enough to do harm.
When enabling the intelligent proxy, we highly recommend also selecting SSL Decryption, which broadens the scope of your protection. With SSL decryption, you must install the Cisco root certificate. As well, with SSL Decryption selected, you can create a list of content categories to excluded from being sent to the intelligent proxy. For more information, see Enable the Intelligent Proxy.
As with any change, we recommend that you first enable the intelligent proxy for a small subset of your identities to ensure full compatibility; you may find you need to expand your allow list.
Although only SSL sites on Umbrella's greylist are proxied, it's required that the root certificate be installed on computers that are using SSL decryption for the intelligent proxy in their policy. Sites on our 'grey' list can include popular sites, such as file sharing services, that can potentially host malware on certain specific URLs while the vast majority of the rest of the site is perfectly harmless, so your users will go to some proxied sites even if they're acting in good faith.
Without the root certificate, when your users go to that service, they receive browser errors and the site is not accessible. The browser correctly believes that the traffic is being intercepted (and proxied) by a 'man in the middle', which, in this case, is the Umbrella service. Traffic is not decrypted and inspected; instead, the website is unavailable.
With the root certificate installed, errors do not occur and the site is accessible when it's been proxied and allowed. For information on installing the root certificate, see Install the Cisco Certificate.
When enabling SSL decryption, you can also exclude the proxying of requests to content categories by creating a Selective Decryption list. When configured, requests to access destinations within a selected content category are not proxied even thought the intelligent proxy is enabled. For example, if you add the category News / Media to the Selective Decryption list and then visit www.cnn.com, this destination is not inspected by the intelligent proxy.
Note: The categories Terrorism, Internet Watch Foundation, and German Youth Protection are excluded from this list and are always proxied.