Test the Intelligent Proxy
Once you have applied the DNS policy with the intelligent proxy enabled to an identity, test it.
Prerequisites
- A DNS policy with the intelligent proxy enabled is applied to an identity.
Procedure
- Navigate to http://proxy.opendnstest.com/.
- Follow the instructions on the page to see how Umbrella can block an image within an otherwise good website, or block entire websites using the intelligent proxy.
Expand Allowed URL & blocked page content to see how the Intelligent Proxy blocks malicious elements or files within otherwise good domains.
If you find that the test site indicates you are not using the intelligent proxy, check to make sure the identity you are using has intelligent proxy capabilities enabled in the policy that applies to it.
To determine if a domain is being resolved to the intelligent proxy, and then being proxied, perform a lookup of the domain from an identity using the proxy.
If the IP address of "domain.com" comes back with an IP address within the ranges: 146.112.0.0/16, 151.186.0.0/16, 155.190.0.0/16, 204.194.232.0/21, 208.67.216.0/21, 208.69.32.0/21, or 67.215.64.0/19, then it is being directed through the intelligent proxy. To avoid this from happening, specifically add this domain to an allow list or the global allow list for your organization.
Note: We also do not proxy traffic on non-standard ports for web traffic. This means that traffic to a proxied domain that is on a port other than 80 or 443 will be dropped when it reaches the proxy. If you wish to prevent this, add the domain to a global allow list.
Enable the Intelligent Proxy < Test the Intelligent Proxy > Test Selective Decryption
Updated about 1 year ago