After setting up Umbrella, we recommend that you check your configured Umbrella Web policy. You can evaluate a Web policy with File Inspection enabled by pointing your browser to one of our test files.
Note: To only evaluate a Web policy, you must disable all Umbrella DNS security categories for your identities.
- A device enrolled in an Umbrella policy with File Inspection enabled.
- Browse to one of the Umbrella EICAR test files.
|http://proxy.opendnstest.com/download/eicar.com||Cisco Umbrella clear text test file.|
|https://ssl-proxy.opendnstest.com/download/eicar.com||Cisco Umbrella encrypted test file.|
|http://proxy.opendnstest.com/download/AMP_TEST_FILE.txt||Cisco AMP clear text test file.|
|https://ssl-proxy.opendnstest.com/download/AMP_TEST_FILE.txt||Cisco AMP encrypted test file.|
- After loading a File Inspection test file, you should see a block page. Diagnostic information includes details about which server the file went through. If you do not see a block page, see Troubleshoot File Inspection.
The Umbrella block page diagnostic information identifies the hostname of the reputation authority. When proxying a domain or URL, Umbrella evaluates the destination in two phases.
- Umbrella receives a request and checks the reputation of the domain or URL. If the destination is known to be malicious, Umbrella blocks the request and displays a block page. The block page diagnostic information lists the
- Next, Umbrella checks if a destination matches a security category or is blocked by a rule in the Web policy. If a destination is not blocked, then Umbrella retrieves any requested content from the URL. Umbrella scans the requested files by file inspection (antivirus and AMP). If a file is malware, Umbrella returns a block page. The block page diagnostic information lists the
Updated 12 months ago