Test a DNS Policy
The Umbrella Policy tester is only available for DNS policies.
The Umbrella Policy Tester lets you test your DNS policies to determine if they are working as intended without having to test them from the computer, network, or identity to which your policies are applied. The Umbrella Policy Tester works by determining if specified identities can reach specified destinations based on current policy settings. Before running a test determine what your expected results are so you can check them against actual results. For example, was the identity blocked from reaching the specified website as expected or was the website reached?
There are a few circumstances under which the Policy Tester will not return accurate (or any) information for a given destination. For more information, see Limitations of the Umbrella Policy Tester.
Prerequisites
- A minimum of Read Only access to the Umbrella dashboard. See Manage User Roles.
Procedure
The Policy Tester is only able to test against domains as destinations. IP addresses and CIDR ranges are not supported and do not return results.
- Navigate to Policies > Management > DNS Policies and click Policy Tester.
- Add Identities, a Destination, and then click Run Test.
Note: The destination must be a fully qualified domain name. IP Addresses and URLs are not supported.
- Results include:
- Triggered Identity—The identity that has triggered the result. This is important if there is more than one identity specified.
- Destination—Destination the test has attempted to reach.
- Result—Blocked or allowed. If blocked, it also lists why. The reasons include security settings, category settings, and domain lists. Also, the name of the setting is listed.
- Destination List/Security Settings/Category Settings—For blocked results only. The name of the setting or destination list that caused the block.
- Categorization—Umbrella's categorization of the destination. If there is no match, then this information does not appear.
- Policy Applied—The name of the policy against which the identity was evaluated.
Add a DNS Policy < Test a DNS Policy > DNS Policy Precedence
Updated about 1 year ago