Skip to main content
Cisco Meraki

Cisco+ Secure Connect - Manage DNS Policies

Manage DNS Policies

Presently DNS policies are being configured on the Cisco Umbrella dashboard and need to navigate to Umbrella dashboard from Cisco+ Secure Connect

Screen Shot 2022-06-02 at 10.06.35 PM.png

Please go to DNS Policies page on Cisco Umbrella document for more details


Policies are the heart of Umbrella and define how security and access controls are applied to identities. Through policies, you determine whether traffic is inspected and either blocked or allowed. A DNS policy provides DNS-layer visibility, security, and enforcement with the ability to selectively proxy risky domains for added security.

Plan Before You Start

Plan your policies. Before you start implementing policies, we recommend that you read through these policy sections of our documentation in full. Decide before you start as to how your policies will define how security and access controls are applied to your identities.

You can have more than one DNS policy and your identities can be added to any number of policies. However, Umbrella applies the first matching policy to your identity and immediately stops evaluating policies. If no matching policy is found, Umbrella applies the DNS default policy. Because of the way Umbrella evaluates identities against policies, it's important that you configure policies correctly for each of your organization's identities. An error in configuration may result in unintended results: identities being left unprotected to various threats or users accessing destinations you may want blocked. Plan and design your policies before you build them. For some helpful suggestions, see Best Practices for DNS Policies.

There is always at least one policy—the Default policy. This default policy applies to all identities and cannot be deleted—you can, however, configure it to meet your organization's unique requirements. The default policy is applied to an identity when no other policy matches that identity. Thus, the Default policy is a catch-all to ensure that all identities within your organization receive at least a minimum of Umbrella protection.

You create DNS policies through the Policy wizard, which is made up of two parts. In the first part of the wizard, you select the identities to which the policy applies and select which components should be enabled and configured for the policy. In the second part of the wizard, you configure each component of the policy that was selected in part one of the wizard. These components are made available as steps in the wizard. Once the new policy is saved, it may take upwards of five minutes for the policy to replicate through Umbrella’s global infrastructure and start taking effect.


For quick hyperlinks to configure DNS Policy:

Add a DNS Policy

Test a DNS Policy

DNS Policy Precedence

Best Practices for DNS Policies

Enforce SafeSearch for DNS Policies

Group Roaming Computers with Tags



  • Was this article helpful?