Jump to Content
Guides
Umbrella for Government DNS User Guide
Umbrella for Government SIG User Guide
Umbrella User Guide
Partner Console Documentation
MSP User Guide
Cloudlock Documentation
Umbrella SIG User Guide
Guides
Managed Services Console User Guide
ISP Deployment
Product
Developer
Partner
Personal
Guides
Product
Developer
Partner
Personal
Umbrella SIG User Guide
Guides
Prerequisites
Search
Cisco Umbrella SIG User Guide
Welcome to Cisco Umbrella
Start Protecting Your Systems
Find Your Organization ID
Determine Your Current Package
Umbrella Policies Overview
SWG Data Centers
Reserved IP
Reserved IP Supplemental Terms
Reserved IP Supplemental Terms - Archived
View Cloud Security Service Status
Contact Umbrella Support
Password Policy FAQs
Get Started
Set Up DNS-Layer Security
Point Your DNS to Cisco Umbrella
Set Up Web Security
Configure the Secure Web Gateway
Uninstalling Umbrella
Umbrella Integration with Secure Web Appliance
Hybrid Policy
Hybrid Reporting
Configure Web Policies and Destination Lists
Policy Features
Limitations and Range Limits
Data Retention
Average Bandwidth
Manage Identities
Add a Network Identity
Delete a Network Identity
Identity and SIG Deployment
Add a Network Device
Delete a Network Device
Find the Total Number of Identities in Your Organization
Manage Domains
Add Internal Domains
Add External Domains and IPs
Bulk Upload External Domains and IPs
Wildcards and Domain Management
Manage DNS Policies
Add a DNS Policy
Test a DNS Policy
DNS Policy Settings
DNS Policy Precedence
Best Practices for DNS Policies
Enable SafeSearch for DNS Policies
Group Roaming Computers with Tags
Manage the Web Policy
Add a Ruleset to the Web Policy
Add Rules to a Ruleset
Test the Web Policy
Web Policy Precedence
Best Practices for the Web Policy and Rulesets
Manage Global Settings
Confirm SafeSearch for a Web Policy Ruleset
Understand Isolated Destinations
Monitor Bandwidth Usage in the App Discovery Report
Manage the Data Loss Prevention Policy
Add a Real Time Rule to the Data Loss Prevention Policy
Understand Exclusions in a Real Time Rule
Supported Applications
Add a SaaS API Rule to the Data Loss Prevention Policy
Discovery Scan
Edit a Data Loss Prevention Rule
Delete a Data Loss Prevention Rule
Enable or Disable a Data Loss Prevention Rule
Supported File and Form Types
Manage the Firewall Policy
Add a Firewall Rule
Add an FQDN List to a Firewall Rule
Bypass SWG using FQDN
Delete a Firewall Rule
Configure IPS Settings for Firewall Policy
Change a Firewall Priority
Monitor Hit Count
Edit Hit Count
Review Firewall Logs in Reports
Check Protocol of Firewall Traffic
Manage IPS
Add a Custom Signature List
Delete a Custom Signature List
Reset a Signature's Action
Manage Security Settings
Add a DNS Security Setting
Add a Web Security Setting
Dispute a Security Categorization
DNS Security Categories
Web Security Categories
Third-party Security Integrations
Set Up Custom Integrations
Custom Integration Best Practices
Manage Content Categories
Add a DNS Content Category Setting
Legacy DNS Content Category Definitions
DNS Content Categories
DNS Content Category Changes
Add a Web Content Category Setting
Web Content Categories
Web Content Category Name Changes
Migrate Content Categories
Dispute a Content Categorization
View Content Categories in Reports
Manage Data Classifications
Create a Data Classification
Copy and Customize a Built-In Data Classification
Delete or Edit a Classification
Create an Exact Data Match Identifier
Index Data for an EDM
Exact Data Match Field Types
Create an Indexed Document Match Identifier
Built-In Data Classifications
Built-In Data Identifiers
Copy and Customize a Data Identifier
Create a Custom Identifier
Custom Regular Expression Patterns
Individual Data Identifiers
Manage Application Settings
Add a DNS Application Setting
Add a Web Application Setting
Delete an Application Setting
Application Categories
Manage Advanced App Controls
Manage Tenant Controls
Add a Tenant Controls Setting
Control Cloud Access to Microsoft 365
Control Cloud Access to Google G Suite
Control Cloud Access to Slack
Control Cloud Access to Dropbox
Review Tenant Controls Through Reports
Manage Destination Lists
Add a DNS Destination List
Add a Web Destination List
Add a SAML Bypass Destination List
Edit a Destination List
Add Destinations in Bulk
Download Destinations to a CSV File
Control Access to Custom URLs
Wildcards and Destination Lists
Add Top-Level Domains To Destination Lists
Add Punycode Domain Name to Destination List
Test Your Destinations
Troubleshoot DNS Destination Lists
Manage File Analysis
Enable File Inspection for DNS Policies
Enable File Inspection for the Web Policy
Enable Cisco Secure Malware Analytics (Threat Grid)
Test File Inspection
Troubleshoot File Inspection
Manage File Type Control
Enable File Type Control
File Types to Block
Review File Type Controls Through Reports
Manage Selective Decryption
Add a Web Selective Decryption List
Enable Certificate Error Handling
Manage Schedule Settings for the Web Policy
Add a New Schedule Setting for the Web Policy
Manage Certificates
Install the Cisco Umbrella Root Certificate
Add Customer CA Signed Root Certificate
Delete Customer CA Signed Root Certificate
View Cisco Trusted Root Store
Manage the Intelligent Proxy
Enable the Intelligent Proxy
Test the Intelligent Proxy
Test Selective Decryption
Review the Intelligent Proxy Through Reports
Enable SSL Decryption
Test SSL Decryption
Manage Umbrella's PAC File
Deploy Umbrella's PAC File for Windows
Deploy Umbrella's PAC File for Mac
Upload Custom PAC Files to Umbrella
Manage Proxy Chaining
Forwarded-For (XFF) Configuration
Customize Block and Warn Pages
Create a Custom Block Page
Create a Custom Warn Page
Allow Users to Contact an Administrator
Add a Custom Logo
Redirect to a Custom Block Page
Block Page IP Addresses
Set Up a Block Page Bypass User
Create a Block Page Bypass Code
Enable Block Page Bypass in a Policy
Manage Tunnels
Check Device Compatibility
Add Network Tunnel Identity
Supported IPsec Parameters
Connect to Cisco Umbrella Through Tunnel
Monitor Network Tunnel Status
Network Tunnel Configuration
Configure Tunnels with Catalyst SD-WAN cEdge and vEdge
Configure Tunnels Automatically with Catalyst SD-WAN cEdge and vEdge
Configure Tunnels with Meraki MX – Option 1
Configure Tunnels with Meraki MX – Option 2
Configure Tunnels with Cisco Adaptive Security Appliance (ASA)
Configure Tunnels with Cisco ISR
Configure IKEv2 IPsec Tunnel with Umbrella
Configure Tunnels Automatically with Cisco ASA and CDO
Configure Tunnels with Cisco Secure Firewall
Configure Tunnels with Palo Alto IPsec
Configure Tunnels with Alibaba Cloud IPsec
Configure Tunnels with Palo Alto Prisma SDWAN
Configure Tunnels with Cisco Router in AWS
Configure Tunnels with Azure IPsec
Configure Tunnels with Oracle Cloud IPsec
Configure Tunnels with Google Cloud Platform IPsec
Configure Tunnels with Sophos XG IPsec
Configure Tunnels with Silver Peak
Configure Tunnels with Fortinet IPsec
Configure Tunnels with Checkpoint GAiA
Configure Tunnels with NEC IX2000/3000 Series Router
Manage Accounts
Add a New Account
Delete an Account
Change Account Settings
Hide Identities with De-identification
Manage User Roles
Add a New User
Add a Custom User Role
Manage API Keys
Add Umbrella API Keys
Add Umbrella Legacy API Keys
Add Static API Keys
Add KeyAdmin API Keys
Manage Your Logs
Upgrade Reports
Enable Logging to Your Own S3 Bucket
Enable Logging to a Cisco-managed S3 Bucket
Change the Location of Event Data Logs
Stop Logging
Delete Logs
Log Formats and Versioning
Reports and CSV Formats
Admin Audit Log Formats
Cloud Firewall Log Formats
Data Loss Prevention (DLP) Log Formats
DNS Log Formats
IPS Log Formats
Web Log Formats
Manage Authentication
Enable Two-Step Verification
Disable Two-Step Verification
Enable Cisco Security Cloud Sign On
Disable Cisco Security Cloud Sign On
Get Started with Single Sign-On
Enable SSO with Duo
Enable SSO with PingID
Enable SSO with Okta
Enable SSO with OneLogin
Enable SSO with Azure
Enable SSO with Other IDPs
Manage Secure ICAP
Manage Cloud Malware Protection
Enable Cloud Malware Protection
Revoke Authorization for a Platform
Enable Cloud Malware Protection for AWS Tenants
Enable Cloud Malware Protection for Azure Tenants
Enable Cloud Malware Protection for Box Tenants
Enable Cloud Malware Protection for Dropbox Tenants
Enable Cloud Access Security Broker Features for Google Drive Tenants
Enable Cloud Access Security Broker Features for Microsoft 365 Tenants
Enable Cloud Malware Protection for ServiceNow Tenants
Enable Cloud Malware Protection for Slack Tenants
Enable Cloud Malware Protection for Webex Teams Tenants
Manage SaaS API Data Loss Prevention
Enable SaaS API Data Loss Protection for AWS Tenants
Enable SaaS API Data Loss Protection for Azure Tenants
Enable SaaS API Data Loss Protection for Box Tenants
Enable SaaS API Data Loss Protection for Dropbox Tenants
Enable SaaS API Data Loss Protection for Google Drive Tenants
Enable SaaS API Data Loss Protection for Microsoft 365 Tenants
Enable SaaS API Data Loss Protection for ServiceNow Tenants
Enable SaaS API Data Loss Protection for Slack Tenants
Enable SaaS API Data Loss Protection for Webex Teams Tenants
Identity Integrations
Introduction
Configure SAML Integrations
Prerequisites
SAML Certificate Renewal Options
Configure Azure AD for SAML
Configure Okta for SAML
Configure AD FS for SAML
Configure Duo Security for Cisco Umbrella SAML
Configure PingID for SAML
Configure OpenAM for SAML
Configure Other IdPs for SAML
Enable IP Surrogates for SAML
Configure SAML for Multiple EntityIDs
Provision Identities from Active Directory
Prerequisites for AD Connectors
Configure Authentication for AD Connectors and VAs
Configure Updates on AD Connector
Connect Active Directory to Umbrella
Deploy LDIF Files for AD Connector
View AD Components in Umbrella
Connect Multiple Active Directory Domains to Umbrella
Change the Connector Account Password
Communication Flow and Troubleshooting
Provision Identities Through Manual Import
Provision Identities from Microsoft Entra ID
Provision Identities from Okta
Active Directory Integration with Virtual Appliances
Prerequisites for AD Integration with VAs
Configure Active Directory User Exceptions
Prepare Your Active Directory Environment
Connect Active Directory to Umbrella VAs
Multiple Active Directory and Umbrella Sites
Change the Connector Account Password
Communication Flow and Troubleshooting
Reports
Get Started with Reports
Export Report Data to CSV
Bookmark and Share Reports
Report Retention
Schedule Reports
Schedule a Report
Update a Scheduled Report
Overview Report
Security Activity Report
View Activity and Details by Filters
View Activity and Details by Event Type or Security Category
View an Event's Details
Search for Security Activity
Activity Search Report
Use Search and Advanced Search
App Discovery Report
View the Highest Risk Apps
Review Apps in the Apps Grid
View App Details
Change App Details
Control Apps
Advanced App Controls
View Traffic Data Through SWG
View CDFW Events
Top Threats Report
Threat Type Details
Threat Type Definitions
Total Requests Report
Activity Volume Report
Top Destinations Report
Destination Details
Top Categories Report
Category Details
Top Identities Report
Identity Details
Admin Audit Log Report
Export Admin Audit Log Report to an S3 Bucket
Cloud Malware Report
Data Loss Prevention Report
Third-Party Apps Report
View App Details
Manage Roaming Client
Introduction
Prerequisites
Download and Install the Roaming Client
Verify Roaming Client Operation
Configure DNS Policies for Roaming Computers
Identity Support for the Roaming Client
Status, States, and Functionality
Virtual Appliances
Troubleshooting
Domain Management
Configure Protected Networks for Roaming Computers
Roaming Computers Settings
Encryption and Authentication
Command-line and Customization for Installation
Remote Logging and Diagnostics
macOS Mobile Device Management
Umbrella Roaming Security: Cisco Secure Client
Introduction
Umbrella Roaming Security: Cisco Secure Client (formerly AnyConnect)
Prerequisites
Deploy Umbrella module in Cisco Secure Client
Manual Installation of Cisco Secure Client (Windows and macOS)
Mass Deployment Overview
Mass Deployment (Windows)
Customize Windows Installation of Cisco Secure Client
Mass Deployment (macOS)
Customize macOS Installation of Cisco Secure Client
VPN Headend Deployment
Migration from Umbrella Roaming Client
Install the Root Certificate
Automatic Updates
Cloud Management
Additional References
Remote Monitoring and Management Deployment Tutorials
Meraki Systems Manager (SM) Deployment
Enable the Umbrella SWG Agent
IPv4 and IPv6 DNS Protection Status
Interpret Diagnostics
Active Directory Policy Enforcement and Identities
Virtual Appliances
Domain Management
Configure Protected Networks for Roaming Computers
Roaming Computer Settings
Manage Virtual Appliance
Introduction
Prerequisites
Deployment Guidelines
Importance of Running Two VAs
Deploy Virtual Appliances
Configure Authentication for Virtual Appliances
Deploy VAs in Hyper-V for Windows 2012 or Higher
Deploy VAs in VMware
Deploy VAs in Microsoft Azure
Deploy VAs in Amazon Web Services
Deploy VAs in Google Cloud Platform
Deploy VAs in KVM
Deploy VAs in Nutanix
Deploy VAs in Alibaba Cloud
Configure Virtual Appliances
Local DNS Forwarding
Reroute DNS
Update Virtual Appliances
Virtual Appliance Sizing Guide
SNMP Monitoring
Troubleshoot Virtual Appliances
Other Configurations
Sites and Internal Networks
Internal Networks Setup Guide
Provision a Subnet for Your Virtual Appliance
Manage Sites
Manage Internal Networks
Assign a DNS Policy to Your Site
Managed iOS Device
Cisco Security Connector: Umbrella Setup Guide
Quick Start
Meraki Registration
Verify Umbrella with Meraki
Meraki Documentation
IBM MaaS360 Registration
Intune Registration
Jamf Registration
MobiConnect Registration
MobileIron Registration
MobileIron Configuration
Workspace ONE Registration
Register an iOS Device Through a Generic MDM System
Apply a DNS Policy to Your Mobile Device
Umbrella Reporting
Add User Identity for Cisco Security Connector
Anonymize Devices
Export Device Data to CSV
Troubleshooting
Push the Umbrella Certificate to Managed Devices
Configure Cellular and Wifi Domains
Managed Android Device
Cisco Secure Client (Android OS)
Deploy the Android Client
Android Configuration Download
Cisco Meraki MDM
MobileIron MDM
VMware Workspace ONE
Microsoft Intune MDM
Samsung Knox MDM
Push the Umbrella Certificate to Managed Devices
Manage Pop-Ups and App Controls
Manage Identities
Export Device Data to CSV
Troubleshooting
Frequently Asked Questions
Unmanaged Mobile Device Protection
Umbrella Unmanaged Mobile Device Protection
Administrator Actions
End-User Actions
Cisco Security for Chromebook Client
Get Started
Migration Scenarios
Prerequisites
Limitations
Google Workspace Identity Service
Integrate Google Workspace Identities
Deploy the Chromebook Client
Bypass Internal Domains from DNS-over-HTTPS (DoH)
Enable Reporting for Private IP Address of Chromebook Device
Export Device Data to CSV
Verify and Debug
Protection Status
Chromebook-Specific DNS Policy
Chromebook-Specific Web Policy
Chromebook Client - FAQs
Google Workspace Identity Service FAQs
Hardware Integration
Integration for ISR 4K and ISR 1100 – Security Configuration Guide
Create a Legacy Network Devices API Token
Wireless LAN Controller Integration
Meraki Cloud-Managed Networks and Umbrella DNS
Set Up Umbrella for a Meraki Network
Configure DNS Forwarder for Umbrella
Mobility Express Integration
Configure Mobility Express for Umbrella
Cisco SD-WAN Powered by Catalyst SD-WAN and Umbrella
Integration for RV-series Routers
Cisco Catalyst 9200 and Catalyst 9300 Switches
Cisco DNA Center
Cisco Secure Firewall
Cisco Adaptive Security Appliances (ASA)
Integration for ASA Overview
Prerequisites
Import the Digicert Certificate Authority
Configure the Umbrella Connector
Verify Operation
Monitor the Umbrella Connector
Delete an ASA
Suggest
