Umbrella's intelligent proxy intercepts and proxies requests for URLs, potentially malicious files, and domain names associated with certain uncategorized or "grey" domains. Enabling the intelligent proxy allows you to protect your devices even beyond your corporate network. It also scales with the internet, without sacrificing security or speed.

Prerequisites

• Full admin access to the Umbrella dashboard. See Manage User Roles.
• For SSL decryption, the Cisco Umbrella root certificate must be installed. See Install the Cisco Umbrella Root Certificate.

Procedure

1. Navigate to Policies > Management > DNS Policies and click Add or expand an existing policy.

2. Navigate to Advanced Settings.
   Advanced Settings is accessed from the first page of the Policy wizard or the Summary page.

3. Under Advanced Settings, toggle on Enable Intelligent Proxy.

4. Optionally, select SSL Decryption.
   Allows the intelligent proxy to inspect traffic over HTTPS and block custom URLs in destination lists.
   When selected, the following are also available:
   • Root Certificate—You must download and install the Cisco Umbrella root certificate to all computers. Without this certificate, HTTPS and SSL connections will break.
     a. Expand Root Certificate and click Download Certificate.
     b. Install the certificate. For more information, see Install the Cisco Umbrella Root Certificate.
   • Selective Decryption—Create a list of DNS content categories to exclude from inspection by the intelligent proxy.
     a. Expand Selective Decryption and click Create List.
     b. Select content categories to exempt from being proxied—inspected—and click Save.
     Note: The categories Terrorism, Internet Watch Foundation, and German Youth Protection are excluded from this list and are always proxied.

5. Click Save or Next.
   To disable the intelligent proxy for testing, or for a group of users, simply un-toggle the option and apply changes.

Manage the Intelligent Proxy < Enable the Intelligent Proxy > Test the Intelligent Proxy