Destination lists are used to control identity access to websites. You add destinations to a destination list and then add that destination list to a policy. A Web policy only supports Web policy destination lists. A Web policy destination list can include the following destination types:
A Web policy destination list comes into effect when you add it as part of a rule for the Web policy. However, you must first add a Web policy destination list to Umbrella through the Destination List policy component before you can add it to a rule. You cannot create and add a Web policy destination list to a rule in the way that you can create and add a DNS policy destination list to a DNS policy while you are adding the DNS policy.
Note: Your destination list must be compatible with the policy type: Web or DNS. A Web policy destination list is used only with the Web policy.
You can add Web policy destination lists to a Web policy rule only when the rule action is block or allow, not warn. Umbrella applies the rule action—block or allow—to the destination lists in the rule. Once you add a Web policy destination list to a rule the following applies:
- Allow destination lists always take precedence over block destination lists.
- Allow lists take precedence over security-related blocks. Thus, if a domain is being blocked incorrectly, adding it to an allow rule allows access. For example:
- Blocking domain.com and adding mail.domain.com to the Allow List will still allow mail.domain.com.
- Adding domain.com to the Allow List and blocking sub.domain.com will still allow sub.domain.com.
- Adding domain.com to a block list, and mail.domain.com to an Allow list, assuming both lists are applied to the same policy, results in Umbrella allowing access to mail.domain.com.
Always add domains in the format "domain.com" rather than www.domain.com to ensure *.domain.com is included (a wildcard is implicit). However, if you only wish to block subdomain.domain.com, then be more specific when you define the entry here.
Note: Destination lists accept domain names encoded in Punycode. For more information, see Add Punycode Domain Name to Destination List.
- Full admin access to the Umbrella dashboard. See Manage User Roles.
- Navigate to Policies > Policy Components > Destination Lists and click Add.
- Give your destination list a good descriptive List Name.
- From the Policy Type drop-down list, choose Web Policy.
- Add destinations—Domain, URL, IPv4, and CIDR.
Instead of adding destinations one at a time, you can bulk upload destinations through a text file. For more information, see Add Destinations in Bulk.
- Click Save.
This new Web policy destination list is now available for selection when you add rules to a ruleset for the Web policy.
Updated about 20 hours ago