• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Free Trial
  • Contact us
  • Blog
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Products
    • Product
      • Cisco Umbrella Cloud Security Service
      • Cisco Umbrella Investigate
      • Product Packages
      • Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Interactive Intelligence
      • Cloud-Delivered Firewall
    •  
    • Webinar signup
  • Solutions
    • By Need
      • Protect Mobile Users
      • Fast Incident Response
      • Web Content Filtering
      • Shadow IT Discovery & App Blocking
      • Unified Threat Enforcement
      • Reduce Security Infections
      • Secure Direct Internet Access
      • Securing Remote and Roaming Users
    • By Network
      • Protect Guest Wi-Fi
      • SD-WAN Security
      • Off-Network Endpoint Security
    • By Industry
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
      • Our Customers
      • Customer Stories
    • Ransomware Defense for Dummies book
  • Why Us
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Cloud Network Activity
      • Recursive DNS Services
      • Top Reasons to Trial
      • Getting Started
    • Unmatched Intelligence
      • Cyber Attack Prevention
      • Interactive Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco SD-WAN
    • Navigation-dropdown-promo-free-trial_102820
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Analyst Reports
      • Case Studies
      • Customer Videos
      • Datasheets
      • eBooks
      • Infographics
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Cisco Umbrella Blog
      • Latest Posts
      • Security Posts
      • Research Posts
      • Threats Posts
      • Product Posts
      • Spotlight
    • For Customers
      • Support
      • Customer Success Hub
      • Umbrella Deployment Hub
      • Customer Success Webinars
      • What’s New
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
      • Secure Access Service Edge (SASE)
    • Security Threats
      • Ransomware
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
    •  
    • Navigation-dropdown-promo-threat-report_020521
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Become a partner
  • Free Trial Signup
  • Umbrella Login
  • Cloudlock Login
  • Contact Us
Security

Best Practices for Effective Policies

By Kara Drapala
Posted on July 7, 2015
Updated on April 15, 2020

Share

Facebook0Tweet0LinkedIn0

Security dashboards can be daunting. A quick Google image search reveals JPEG after JPEG of tiny font, obscure graphs, and things that go pewpew—cool, but not immediately intuitive. At OpenDNS, our user experience team strives to make the Dashboard easy to use and simple to manage, a task that begins as soon as you create an account and begin making policies.

However, even the simplest tools come with pro tips, and the OpenDNS Dashboard is no exception. Below, we outline the two most important tips to keep in mind as you navigate the policy creation process, with help from Technical Support Engineer Alexander Harrison.

For best results, use only the ‘Policies’ tab

Screen Shot 2015-07-07 at 11.03.12 AM
Screen Shot 2015-07-07 at 11.05.06 AM

When you first log in to the Dashboard and visit the Configuration tab, you’ll notice a series of tabs on the left-hand side of the screen. These tabs detail different policy and option settings, which can help you manage your users, but Harrison suggests a different approach.

“When I’m setting up a policy in the Dashboard, I usually stay away from Policy Settings and Block Page Settings, at least to start out,” Harrison said. “I almost forget those options are there. I do everything from the Policy Editor itself (the Policies tab, as highlighted in the image above), because it keeps everything in one place.”

The Policy Editor, shown below, contains tabs for most of the same settings represented in sidebar shown above to the right:

“The Policy Settings tab is mainly useful if you have multiple policies,” Harrison said. He went on to say that the Policy Settings tab allows admins to quickly find specific domain lists, instead of finding the policy the domain list applies to, saving time and effort when adjusting the lists.

Block Page Settings provides an excellent example of the benefits of using the Policy Editor. If you create a new user from the sidebar Block Page Settings menu, an extra step must also be taken in the Policy Editor to enable this bypass user—whereas the same user created through the Policy Editor is applied to the policy immediately.

There is a comprehensive guide to creating policies using just the Policy Editor. Looking for a tl;dr? Harrison suggests that admins who need to get policies up and running quickly go directly to step 2, section b, which covers security settings.

Policy execution order matters

Policy
policy gif

If you have already created your policies in the Dashboard, you may feel like you’ve got everything covered. However, there is one more tip that is imperative to keep in mind: your policy order. Below, you can see the Policy Editor view. On the left hand side, you can see an arrow pointing downward. This is actually a guideline for creating policies that stack appropriately, ensuring that the correct policies are applied to the correct groups, users, and networks.

According to the policy ordering tutorial, “Policies are applied based on a ‘first match’ methodology which follows a top to bottom execution order. Therefore, only the top-most policy that matches a user’s Identity will be applied, and all subsequent lower matches will be ignored.”

What does that mean exactly? Harrison explains: “You want to build your catch-all policies first, and then put more specific policies above them, because if you build it upside-down with the biggest policy up top, you’re never going to use the more specific settings.” He continued, “AD users and such represent those more specific policies, followed by groups of AD users, and your network is the catch-all. But if you have the network policy up top in the policy order, it will cover everything, and your more specific policies won’t be applied.

“Several people might say, ‘Oh, I can add my users to a few policies and it will stack.’ While in reality, it’s just ‘the first coin to hit the sorter applies,’ so to speak.”

Once you’ve worked out the order your policies should be stacked, adjusting them is simple, just click and drag:

Attention to detail goes a long way

In addition to these two takeaways, one idea Harrison wanted to emphasize was attention to details in the Dashboard, such as hitting “Save” or “Allow” when creating settings.

“The policy creation system and policy execution order are probably the two most important things to keep in mind when you’re working in this pane,” Harrison said. “However, there are a lot of problems that can be mitigated by ensuring that you cross your T’s and dot your I’s.”

If you have any further questions about navigating the OpenDNS Dashboard, our Knowledge Base can provide a thorough walkthrough of setup. Or, you can reach our world-class support team here.

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2021 Cisco Umbrella