Edit Umbrella DNS Policies and Rules

Procedure


Step 1

Choose Policies > Access Control > DNS.

Step 2

In the DNS Policy page, select the Umbrella DNS policy that you want to edit and click Edit (edit icon).

Refresh the Umbrella Protection Policy

If you want to get the latest Umbrella Protection Policy from Cisco Umbrella, click the Refresh icon next to Umbrella Protection Policy Last Updated.

To configure or modify Umbrella Connection settings for the Management Center, go to Integration > Other Integrations > Cloud Services > Cisco Umbrella Connection.

Step 3

In the Umbrella DNS policy editor, select the Umbrella DNS rule and click Edit (edit icon).

Step 4

Configure the rule components, or accept the defaults:

  • Umbrella Protection Policy—Specify the name of the Cisco Umbrella policy to apply to the device.

  • Bypass Domain—Specify the names of the local domains for which DNS requests should bypass Cisco Umbrella and instead go directly to the configured DNS servers.

    For example, you can have your internal DNS server resolve all names for the organization's domain name on the assumption that all internal connections are allowed.

  • DNSCrypt—Enable DNSCrypt to encrypt connections between the device and Cisco Umbrella.

    Enabling DNSCrypt starts the key-exchange thread with the Umbrella resolver. The key-exchange thread performs the handshake with the resolver every hour and updates the device with a new secret key. Because DNSCrypt uses UDP/443, you must ensure that the class map used for DNS inspection includes that port. Note that the default inspection class already includes UDP/443 for DNS inspection.

  • Idle Timeout—Configure the idle timeout after which a connection from a client to the Umbrella server will be removed if there is no response from the server.

Step 5

Click Save.


What to do next

Associate the Umbrella DNS policy with an access control policy. For more information, see Associate the Umbrella DNS Policy with an Access Control Policy.