Advanced Settings let you enable various advanced security settings including Umbrella's intelligent proxy, which gives Umbrella the ability to intercept and proxy requests for malicious files embedded within certain so-called "grey" domains. With the intelligent proxy, if a site is considered potentially suspicious or could host malicious content, we will return the IP address of the intelligent proxy. The request to that domain is then routed through our cloud-based secure gateway, and malicious content is found and stopped before it is sent to you.
Advanced settings also lets you enable SafeSearch, which gives you access to a feature of the major search engines that restricts and filters explicit images and results.
- Navigate to Centralized Settings > Advanced Settings.
- Click Add a Setting or expand an existing advanced setting.
- Give your Advanced Settings a meaningful name and select options:
- Enable Intelligent Proxy—Allows for URL-based malware filtering for domains with legitimate content where some pages may contain malicious files. For more information about the intelligent proxy, and exactly how it works, including key information about enabling HTTPS inspection, see Enable the Intelligent Proxy.
- Enable IP-Layer Enforcement—(Roaming Computer identities only.) Available when the intelligent proxy is enabled. Tunnels suspect IP connections.
Note: IP-Layer Enforcement will be end of life in July, 2022.
- Inspect Files—Available when you enable the intelligent proxy. Inspects files for malicious content hosted on suspicious domains before downloading files. A suspicious domain is one that is neither trusted nor known to be malicious but might potentially pose a threat—in this case, we want to run a deeper inspection. Our proxy captures the file, scans it to determine if a threat exists and, if a threat is detected, blocks the file from being downloaded. This can be an explicit download, such as when a user clicks on a link in an email or a download that happens behind the scenes, in so-called 'drive-by download' scenarios. The Umbrella Security Activity and Activity Search reports offer you data on these actions so you can review what Umbrella blocked. For more information about Umbrella's File Inspection feature, see Enable File Inspection.
- SSL Decryption—Available when the intelligent proxy is enabled. Inspects HTTPS traffic. For more information, see SSL Decryption in the Intelligent Proxy.
If you select SSL Decryption, click Download Certificate.
You must download and install the Cisco root certificate. For more information, see Cisco Certificate Import Information.
- Enforce SafeSearch—SafeSearch is a feature of the major search engines that restricts and filters explicit images and results. Umbrella provides the ability to enforce traffic to Google, YouTube, and Bing on a per-policy basis. Enabling SafeSearch here enables it in org policies and results in an org's search engine results being free of pornographic and other offensive content. For more information, see What is SafeSearch.
Logging settings are:
- Log All Requests—Full logging, whether for content, security or otherwise.
- Log Only Security Events—Security logging only, which gives your users more privacy. This is a good setting for people with the roaming client installed on personal devices.
- Don't Log Any Requests—Disable all logging. If you select this option, most reporting for identities with this policy will not be helpful as nothing is logged to report on.
- Click Continue.
- Select the customers with whom you want to share these advanced settings and click Continue.
When shared with a customer, these settings become available in the customer's Umbrella dashboard and can be selected when configuring policies. You can also choose not to share these settings with customers. Click Continue without selecting any customers.
- From the Policy Settings page, choose how you would like to have this advanced setting applied to the Umbrella policies of both your existing customers and any new customers you might add. Choose from the following options:
- Set as Default Setting—If selected, this advanced setting will be applied to the default policy of any new customers. This setting is not applied to the default policy of existing customers in Umbrella.
Note: You must always have at least one default advanced setting. An advanced setting that has Set as Default Setting selected cannot be deleted until that setting has been de-selected.
- Apply to Default Policy—When selected, this advanced setting is applied only to the default Umbrella policy of the customers you selected in the previous step—Share with Customers. All other Umbrella policies for the selected customers remain the same.
- Apply to All Policies—When selected, this advanced setting is applied to all of the Umbrella policies for the customers you selected in the previous step—Share with Customers. This includes the selected customers' default policy.
Note: When you select Apply to all Policies, the next time you access this setting it appears that it has reset to Apply to Default Policy. It has not and your Umbrella policies are not changed. Once configured, to change Apply to All Policies to Apply to Default Policy, you must select Apply to Default Policy and click Save & Close.
- Click Continue.
- Review your advanced settings and click Save & Close.
Each link under Share Summary opens a modal window that lets you view which customers will share this destination list.
Updated about 1 year ago