Content Categories organize websites into categories based on the type of information served; for example, gambling, social networking, or alcohol. You can limit identity access to web sites by selecting categories you want Umbrella to block. As well as configuring content categories within the DNS policy wizard, you can create a DNS Content Category list outside of the DNS policy wizard. Once saved, this DNS Content Category list is globally available to all of your DNS policies. This saves you the time of having to make the same selections multiple times when adding multiple DNS policies.
When adding a DNS policy and selecting content categories from within the policy wizard, there are multiple levels of protection from which you can choose: High, Moderate, Low, and Custom. Categories included in the High, Moderate, and Low levels are predetermined and cannot be changed. Custom includes all levels—High, Moderate, and Low as well as categories unique to Custom.
DNS content categories only classify at the domain layer. This means that if a domain contains multiple types of content a DNS policy can only block what the domain was categorized at, irrespective of what other types of content might be served in that domain. For example:
- www.example.com is categorized as Online Communities
- www.example.com/sports is categorized as Sports
- www.example.com/adultimages is categorized as Adult
A DNS policy configured to block Online Communities blocks the entire domain of www.example.com, but even if it is configured to block Sports or Adult instead of Online Communities it does not block access to these underlying URLs. This is because DNS only works at the domain layer. However, a Web policy configured to block Online Communities and Adult allows access to www.example.com/sports because of URL-layer classification. Therefore, when creating a blend of Web and DNS policies to be applied to the same set of identities, content settings are more granular when enforced by Web policies than DNS policies and because web content is served over the web protocol, it is more pertinent to enforce content settings with a Web policy than a DNS policy whenever possible.
- Navigate to Policies > Policy Components > Content Categories and click Add.
- Give your custom Content Category list a good descriptive name and choose DNS Policies.
- Select content categories to block and then click Save.
For a list of all DNS categories and a description for each, see DNS Content Category Settings.
Your new custom Content Category list is now available for selection when you add a DNS policy.
Updated 2 months ago