Skip to main content
Cisco Meraki

Cisco Meraki and Umbrella Integration - MR Advanced/Upgrade License

Overview

The Meraki MR Advanced + Upgrade Licenses with Cisco Umbrella integration enables Meraki administrators to assign predefined Umbrella content filtering and security policies to an SSID or group policy directly from the dashboard, and removes the need to integrate with an existing Umbrella dashboard or Umbrella account. Once Umbrella policies are assigned, all DNS requests from wireless clients will be intercepted by the upstream MR access point and redirected to Cisco's Umbrella DNS resolvers for evaluation. That DNS lookup either resolves successfully, allowing the client to connect to the requested web page, or gets blocked, which redirects the client to an Umbrella block page.

Prerequisites

In order to use the new MR Advanced & Upgrade License Umbrella integration, the following prerequisites must be met:

  • The organization where the integration will be used must have the Meraki Per-Device Licensing (PDL) model enabled 

  • Each network using the integration must have a valid MR Advanced or MR Upgrade + device (Enterprise) license assigned for every access point

  • The network must be set to MR 26.1+ firmware.

 

There are two types of MR licenses that can enable the Meraki Umbrella integration: MR Advanced (LIC-MR-ADV-XX) and MR Upgrade (LIC-MR-UPGR-XX)

  • The MR Advanced license includes a device (Enterprise) license for an MR access point in addition to the Umbrella add-on license, which enables Umbrella functionality on that access point. This license is generally purchased for licensing a new MR access point that does not already have a license.
  • The MR Upgrade license is considered an add-on license and only enables Umbrella functionality. It can only be assigned to MR access points with an active device (Enterprise) license. This license is generally purchased for MR access points that already have a basic enterprise license (not enabled for Umbrella).
    • If purchased and assigned together, MR Upgrade and MR device (Enterprise) licenses will share an expiration date. If purchased and assigned separately, they can have different expiration dates. Sets of "one-day licenses" can be used to “true-up” two licenses (make expiration dates the same) with different expiration dates. You can learn more about the PDL model in the Meraki Per-Device Licensing Overview document.
    • Note that if a device (Enterprise) license expires before the MR Upgrade license does, the Umbrella functionality will stop working on that access point. The reverse is true as well. If an MR Upgrade license expires before a device (Enterprise) license does, the Umbrella functionality will stop working on that access point, however, the access point will still continue to function without Umbrella features.

 

Note that MR Advanced and MR Upgrade licenses can only be used on organizations using the Meraki Per-Device Licensing model. If you attempt to claim an order containing Meraki MR Advanced and/or Meraki MR Upgrade license(s) into an organization using co-termination licensing, the PDL conversion workflow triggers (see below). After the conversion to PDL completes, you have the ability to claim the order containing MR Advanced or MR Upgrade licenses into your organization. This conversion to PDL licensing is permanent and cannot be reversed, so please exercise caution when confirming the PDL conversation workflow.

Free trials for Cisco Meraki and Umbrella Integration - MR Advanced/Upgrade Licenses are currently available with the following limitations:

  • Countries supported: the U.S. and Japan
  • Trial extensions will not be reflected in the dashboard; please work with your sales rep to get a new trial expiration date
  • There is not a 30-day grace period for free trials

 

All access points in the dashboard network must have a valid MR Advanced or MR Upgrade + device (Enterprise) licenses assigned. If some access points are missing these licenses, Umbrella functionality will be disabled for the entire dashboard network.

The MR Umbrella integration provides a single pane of glass experience for content filtering and security policies configuration and monitoring. 

Please note that because all configuration and monitoring is done in the Meraki dashboard, there is no access to a Cisco Umbrella dashboard as the integration is automatically provisioned, and only predefined policies in the Meraki dashboard will be used. 

A manual API key-based MR Umbrella integration can be used if you require more in-depth control or access to the Cisco Umbrella dashboard.

Claiming MR Advanced/Upgrade License(s) into a Co-Termination Organization

Note: If your organization already follows the Per-Device Licensing (PDL) model, this section should be skipped. You can claim your order containing MR Advanced or Upgrade licenses or license keys themselves by navigating to Organization > License Info and clicking the Add button in the top right corner.

 

To claim MR Advanced/Upgrade licenses into an organization using co-termination (co-term) licensing:

  1. Navigate to Organization > Inventory > Claim and type your Meraki order number.

 

Meraki-Umbrella1.png

 

  1. If your order contains Meraki MR Advanced and/or Meraki MR Upgrade license(s) and your organization uses the co-term licensing model, this addition triggers the PDL conversion flow. Click Next to proceed.

 

Meraki-Umbrella2.png

 

  1. Follow through the prompts by clicking Next.

 

Meraki-Umbrella3.png


 

Meraki-Umbrella4.png

 

  1. Read and understand the Supplemental End User License Agreement (PDF), confirm that you understand that the conversion process is irreversible by selecting the checkboxand proceed by clicking Next.

 

Meraki-Umbrella5.png

 

Note: The conversion process does not actually claim the order that triggered the conversion. Once the process is complete, please go ahead and claim your order or MR Advanced/Upgrade license keys themselves by clicking Done and following the prompts.

 

Meraki-Umbrella6.png

 

  1. Enter your order number or license key and click Next.

 

Meraki-Umbrella7.png

 

  1. Confirm that your order or license key is added successfully, click Next.

 

Meraki-Umbrella8.png


 

Meraki-Umbrella9.png

 

Creating a Dashboard Network and Assigning Access Points

Create a dashboard network if you do not have one. For detailed instructions, refer to the Creating and Deleting Dashboard Networks document.

Note: Access points with MR Advanced or MR Upgrade licenses can be added to either combined or wireless network types. However, if a network has a manual MX or MR Umbrella integration, that integration has to be disabled before setting up the MR Advanced & Upgrade License with Umbrella integration.

 

Meraki-Umbrella10.png

 

  1. Add access point(s) to your network.
  2. Navigate to Organization > Inventory > Devices > Add.

 

Meraki-Umbrella11.png

 

  1. Follow through the prompts by clicking Next.

 

Meraki-Umbrella12.png

 

Meraki-Umbrella13.png

 

  1. Assign your access point to a network:

 

Meraki-Umbrella14.png

 

Note: You can skip this step by clicking “Assign Later.” In this case, your access point will be added to the inventory instead.

 

  1. Click Done to finish the network assignment.

 

Meraki-Umbrella15.png

Assigning MR Advanced/Upgrade Licenses

In order for the MR Advanced/Upgrade License Umbrella integration to work, all access points (if there are more than one) in the dashboard network must have a valid MR Advanced or MR Upgrade + device (Enterprise) licenses assigned.

Assigning LIC-MR-ADV-XX / LIC-MR-UPGR-XX licenses from the Devices tab is not currently supported. Please utilize the Licenses tab as noted below.

 

Follow these steps to assign required licenses:

  1. Navigate to Organization > License Info > Licenses

  2. Check the box next to the desired license(s) in the list and select Assign licenses from the Actions menu. 

 

Meraki-Umbrella16.png

 

  1. Select a number of licenses you would like to assign and click Next.

 

Meraki-Umbrella17.png


 

Meraki-Umbrella18.png

Note: PDL model allows Meraki admins to move licenses between Meraki organizations within the same MSP portal without the help of Meraki Support. If you would like to enable the Cisco Meraki and Umbrella Integration with MR Advanced/Upgrade License in a different PDL organization, there are two options. 1) Move an unassigned MR Advanced/Upgrade license from the source organization to the destination organization, assign this license to an MR in the destination organization, and add this MR to a dashboard network. 2) Move an access point with MR Advanced/Upgrade License assigned from the source organization to the destination organization and add this MR to a dashboard network.

Upgrading MR Firmware

Upgrade your dashboard network to MR 26.X or later firmware version. For detailed instructions on upgrading your network firmware version, refer to the Managing Firmware Upgrades document.

Predefined Umbrella Policies in the Meraki Dashboard

There are seven predefined Umbrella policies, which consist of different combinations of security settings and content filtering.

Appropriate Filtering

  • Basic appropriate use filtering

  • Moderate appropriate use filtering

  • Full appropriate use filtering

 

Security & Appropriate Filtering

  • Security filtering only

  • Security & basic appropriate use filtering

  • Security & moderate appropriate use filtering (default)

  • Security & full appropriate use filtering

 

There are specific use cases for each of the three content filtering categories.

  • Basic appropriate use filtering is expected to be used in school environments. Students will be protected from viewing inappropriate content in the categories of German Youth Protection, Internet Watch Foundation, Pornography, Sexuality, and Tasteless, while still being allowed to do the necessary research for their classwork or homework.
     
  • Moderate appropriate use filtering is meant for the guest Wi-Fi use case. Content settings for this category will allow users to access common chat apps (e.g. Facebook Messenger, WhatsApp), file storage platforms (e.g. box.com, dropbox.com), photo sharing (e.g. instagram.com), social networking (e.g. facebook.com, twitter.com), and video sharing (e.g. youtube.com) while being blocked from visiting Drugs, Gambling, Hate/Discrimination, Lingerie/Bikini, Nudity, Pornography, Terrorism, Weapons, and other content categories that should not be accessed on a typical guest wireless network.
     
  • Full appropriate use filtering is targeting a corporate SSID use case with the most restrictive content policies. Corporate employees should not have access to categories like Alcohol, Chat, Dating, Drugs, Gambling, Games, Instant Messaging, Lingerie/Bikini, Nudity, Photo Sharing, Pornography, Social Networking, Video Sharing, and others. Custom exceptions can be configured for productivity categories like Chat (e.g. Slack), File Storage, and Webmail.

Security settings can be applied on top of these categories with Security & Appropriate Filtering policies.

Predefined Umbrella Policies Breakdown

Basic Appropriate Use Filtering

  • Security settings - none
  • Content filtering settings - block the following categories:
    • German Youth Protection

    • Internet Watch Foundation

    • Pornography

    • Proxy/Anonymizer

    • Sexuality

    • Tasteless

 

Moderate Appropriate Use Filtering

  • Security settings - none
  • Content filtering settings - block the following categories:
    • Adware

    • Alcohol

    • Dating

    • Drugs

    • Gambling

    • German Youth Protection

    • Hate/Discrimination

    • Internet Watch Foundation

    • Lingerie/Bikini

    • Nudity

    • Pornography

    • Proxy/Anonymizer

    • Sexuality

    • Tasteless

    • Terrorism

 

Full Appropriate Use Filtering

  • Security settings - none
  • Content filtering settings - block the following categories:
    • Adult Themes

    • Adware

    • Alcohol

    • Chat

    • Classifieds

    • Dating

    • Drugs

    • File Storage

    • Forums/Message Boards

    • Gambling

    • Games

    • German Youth Protection

    • Hate/Discrimination

    • Instant Messaging

    • Internet Watch Foundation

    • Lingerie/Bikini

    • Nudity

    • P2P/File Sharing

    • Photo Sharing

    • Pornography

    • Proxy/Anonymizer

    • Sexuality

    • Social Networking

    • Tasteless

    • Terrorism

    • Video Sharing

    • Visual Search Engines

    • Weapons 

    • Webmail

 

Security Filtering Only 

  • Security settings - block the following categories:
    • Malware
    • C&C Callbacks
    • Phishing Attacks
    • Cryptomining
  • Content filtering settings - none

 

Security & Basic Appropriate Use Filtering

  • Security settings - block the following categories:
    • Malware
    • C&C Callbacks
    • Phishing Attacks
    • Cryptomining
  • Content filtering settings - block the following categories:
    • German Youth Protection

    • Internet Watch Foundation

    • Pornography

    • Proxy/Anonymizer

    • Sexuality

    • Tasteless

 

Security & Moderate Appropriate Use Filtering

  • Security settings - block the following categories:
    • Malware
    • C&C Callbacks
    • Phishing Attacks
    • Cryptomining
  • Content filtering settings - block the following categories:
    • Adware

    • Alcohol

    • Dating

    • Drugs

    • Gambling

    • German Youth Protection

    • Hate/Discrimination

    • Internet Watch Foundation

    • Lingerie/Bikini

    • Nudity

    • Pornography

    • Proxy/Anonymizer

    • Sexuality

    • Tasteless

    • Terrorism

 

Security & Full Appropriate Use Filtering

  • Security settings - block the following categories:
    • Malware
    • C&C Callbacks
    • Phishing Attacks
    • Cryptomining
  • Content filtering settings - block the following categories:
    • Adult Themes

    • Adware

    • Alcohol

    • Chat

    • Classifieds

    • Dating

    • Drugs

    • File Storage

    • Forums/Message Boards

    • Gambling

    • Games

    • German Youth Protection

    • Hate/Discrimination

    • Instant Messaging

    • Internet Watch Foundation

    • Lingerie/Bikini

    • Nudity

    • P2P/File Sharing

    • Photo Sharing

    • Pornography

    • Proxy/Anonymizer

    • Sexuality

    • Social Networking

    • Tasteless

    • Terrorism

    • Video Sharing

    • Visual Search Engines

    • Weapons 

    • Webmail

Security Categories Definitions

  • Malware - Block requests to access servers hosting malware and compromised websites through any application, protocol, or port.

  • Command Control Callbacks - Prevent compromised devices from communicating with hackers' command and control servers through any application, protocol, or port, and help identify potentially infected machines on your network

  • Phishing Attacks - Protect users from fraudulent hoax websites designed to steal personal information

  • Cryptomining - Allows you to block identities from accessing known cryptomining pools where miners group together and share resources—processing power—to better gather and share cryptocurrencies, and from known web cryptomining source code repositories

Content Categories Definitions

  • Adult Themes—Sites that are adult in nature and are not defined in other rating categories
    Note: Select this category only if you want to be very restrictive on your network.

  • Adware—Sites that distribute applications that display advertisements without the user's knowledge or choice. It does NOT include sites that serve advertising

  • Alcohol—Sites about alcohol use, commercial and otherwise

  • Chat—Sites where you can chat in real time with groups of people; includes IRC and video-chat sites

  • Classifieds—Sites for buying and selling (or bartering) goods and services; includes sites with real-estate and housing listings

  • Dating—Sites for meeting other people

  • Drugs—Sites about illegal or recreational drug use

  • File Storage—Sites that offer space for hosting, sharing, and backup of digital files

  • Forums/Message Boards—Sites with discussions, including bulletin boards, message boards, and forums

  • Gambling—Sites that offer gambling or information about gambling

  • Games—Sites that offer game-play and information about games (news, tips, cheat codes)

  • German Youth Protection—Content deemed harmful to minors. This category helps prevent viewing of youth-endangering content in Germany. Blocked pages for this category will include German text. This list is not controlled by Umbrella and is created to be controlled by the BPjM (Federal Review Board for Media Harmful to Minors) to be compliant with German law. For more information, see http://www.bundespruefstelle.de/bpjm/Service/english.html.
    Note: Cisco Umbrella does not guarantee compliance with German law.

  • Hate/Discrimination—Sites that promote intolerance based on gender, age, race, nationality, religion, sexual orientation, or other group identities

  • Instant Messaging—Sites that offer access or software to communicate in real time with other individuals

  • Internet Watch Foundation (IWF)—Sites that contain child sexual abuse content; for more information about this category, see Internet Watch Foundation

  • Lingerie/Bikini—Sites displaying or dedicated to clothing that could be considered adult-only

  • Nudity—Sites that provide images or representations of nudity

  • P2P/File Sharing—Sites that facilitate the sharing of digital files between individuals, especially through peer-to-peer software, including torrent sites

  • Photo Sharing—Sites for sharing photographs, galleries, and albums

  • Pornography—Anything relating to pornography, including mild depiction, soft pornography, or hard-core pornography

  • Proxy/Anonymizer—Sites providing proxy bypass information or services; also, sites that allow the user to surf the net anonymously or send anonymous emails

  • Sexuality—Sites that provide information, images, or implications of bondage, sadism, masochism, fetish, beating, body piercing, or self-mutilation;  this category is not intended for LGBT-related sites that do not fall under the aforementioned criteria

  • Social Networking—Sites that promote interaction and networking between people

  • Tasteless—Sites that contain information on subjects such as mutilation, torture, horror, or the grotesque; includes pro-Anorexia and pro-suicide related sites

  • Terrorism—Sites that promote terrorism or are linked with terrorist organizations

  • Video Sharing—Sites for sharing video content

  • Visual Search Engines—Sites that allow searching for images based on keywords

  • Weapons—Sites about weapons, commercial and otherwise

  • Webmail—Sites that offer the ability to send or receive email

 

If a site was blocked for a content category, you can do a domain look-up on OpenDNS.com.

Note: If you are running into issues with Umbrella, please contact Meraki Support. If necessary, a Meraki Support Engineer will escalate with Umbrella Support on your behalf. There is no need to contact Umbrella Support directly, as they are not able to support this Meraki feature.

Applying an Umbrella Policy to an SSID

  1. Navigate to Wireless > Firewall and Traffic Shaping.

  2. Select the desired SSID from the drop-down menu on top.

  3. Select Enable Umbrella Protection under DNS layer protection to link the SSID to Umbrella.

  4. Select the desired Umbrella policy from the drop-down list.

 

Meraki-Umbrella19.png

 

  1. Click Save Changes at the bottom of the page.

Note: If, instead of the "Enable Umbrella Protection" button, you see "We're currently provisioning your Umbrella integration. Please try again later," please wait 5-10 minutes. An Umbrella account provisioning takes approximately five minutes. 

 

Screenshot at Oct 22 11-36-50.png

 

If there is any other message, please contact Meraki Support. 

DNS Exclusion for an SSID

When an SSID is configured in Bridge mode, the option to configure DNS Exclusion will be available under the Policy selection drop-down menu. This allows administrators to specify domains that should be excluded from Umbrella filtering. DNS requests for excluded domains are not redirected to Umbrella and are instead forwarded to the DNS server specified by the client. This is extremely useful for preventing DNS requests for local resources from being redirected to Umbrella, instead allowing them to reach internal DNS servers to resolve correctly. MRs automatically add the '.local' and 'in-addr.arpa' domains to be excluded from Umbrella redirection by default. 

Note: DNS Exclusion is only available for SSIDs configured in Bridge mode.

Warning: Changing an excluded domain (adding or removing) will result in all clients being temporarily disconnected from the SSID.

Disabling DNS Layer Protection for an SSID

If you wish to disable DNS layer protection for an SSID, select the Disable Umbrella protection button under Wireless > Firewall and Traffic Shaping and click Save Changes on the bottom of the page.

 

Meraki-Umbrella20.png

Creating and Applying a Group Policy with Umbrella Protection Enabled

  1. Navigate to Network-wide > Group Policies > Add a group.

  2. Type a name for the Group Policy.

  3. Under Firewall and traffic shaping select Custom SSID firewall and shaping rules.

  4. Click Save Changes on the bottom of the page.

 

Meraki-Umbrella21.png

 

  1. Navigate back to the newly created policy.

  2. Select Enable Umbrella Protection under DNS layer protection.

  3. Choose a desired policy from the drop-down menu.

  4. Select Save Changes on the bottom of the page.

 

Meraki-Umbrella22.png

Note: Group Policies do not allow you to configure DNS Exclusions.

 

  1. Navigate to Network-wide > Clients 

  2. Click on the client and select Different policies by SSID and select your Group Policy name. Click Save under the Device policy drop-down.

 

Meraki-Umbrella23.png

Disabling DNS Layer Protection for a Group Policy

If you wish to disable DNS layer protection for Group policies, navigate to Network-wide > Group policies, click the desired Group policy, and click Disable Umbrella protection button. Click Save Changes at the bottom of the page.

DNS Traffic Flow

Meraki-Umbrella24.png

 

This section of the article describes the expected traffic flow of DNS traffic from clients after an SSID or group policy has been successfully configured in the dashboard.

  1. A client sends a DNS Query for the desired domain name (e.g. twitter.com).

  2. Upstream MR access point intercepts the DNS query and attaches an identifier to it which allows Umbrella to determine which policy to enforce.

  3. MR then encrypts the DNS query using DNSCrypt, source NATs the packet to the MR management IP, and redirects it to the appropriate Umbrella resolver.

  4. Once received, the Umbrella resolver decrypts the DNS query and enforces the appropriate Umbrella policy (based on the attached identifier).

  5. If the request is allowed per configured policy, Umbrella returns an encrypted DNS response with the appropriate IP.

  6. If the request should be blocked, Umbrella returns an encrypted DNS response pointing to the Umbrella block page IP address.

  7. The client is sent to the desired domain name (e.g. twitter.com) or Umbrella Block page based on the applied policy.

 

Please contact Meraki Support if you have any questions. 

Note: Cisco Umbrella DNS filtering has the following general limitations: 

  1. If a client machine is programmed to reach out to an IP address of a remote server directly, a DNS-filtering solution like Umbrella will not prevent this communication, since there is no DNS query that MR can intercept.

  2. If a client is using some form of end-to-end encryption (e.g. VPN solution) that encrypts traffic between the client and a remote server (including DNS queries), MR will not be able to intercept those queries and forward them to an Umbrella resolver.

Note: DNSCrypt Compatibility

Access points that do not support 802.11ac, such as the MR18, will still be able to utilize Umbrella DNS services, but do not support the use of DNSCrypt when communicating to the Umbrella servers. All access points that are capable of 802.11ac or newer fully support the use of DNSCrypt with Umbrella DNS.

Blocking HTTPS Websites

Some websites (e.g twitter.com, facebook.com, instagram.com, dropbox.com) have a security policy called HTTP Strict Transport Security (HSTS), which means that even if a user types dropbox.com in the web browser address bar, which normally implies http://dropbox.com, the browser will automatically connect to https://dropbox.com because the Dropbox website does not allow HTTP connections.

 

This presents a unique challenge for displaying an Umbrella block page as explained below.

If a user tries to visit an HTTPS website by typing "https://example.com," or if the website has an HSTS security policy (e.g. dropbox.com), the following will happen:

  1. Client machine sends a DNS query for dropbox.com asking for an IP address.

  2. Upstream MR access point intercepts the DNS query and attaches an identifier to it, allowing Umbrella to determine which policy to enforce.

  3. MR then encrypts the DNS query using DNSCrypt, source NATs the packet to the MR management IP, and redirects it to the appropriate Umbrella resolver.

  4. Once received, the Umbrella resolver decrypts the DNS query and enforces the appropriate Umbrella policy (based on the attached identifier).

  5. Let’s say that “Full Appropriate Use Filtering” is applied to the SSID and, therefore, https://dropbox.com (File Storage) should be blocked.

  6. Umbrella will return an encrypted DNS response pointing to the Umbrella block page IP address (e.g. 146.112.61.106). This response will be decrypted by the MR and sent to the client.

 

Meraki-Umbrella25.png

 

  1. The client will try to establish a TLS session with 146.112.61.106 (Umbrella server) IP address received in the DNS response.

  2. Umbrella’s block page presents an SSL certificate to browsers that make connections to HTTPS sites. The certificate will match the requested site name (Common Name - CN) but will be signed by the Cisco Umbrella Root Certificate Authority (CA). If this CA is not trusted by your browser, an error may be displayed. For example, you can see the TLS certificate presented by OpenDNS, Inc. for dropbox.com here:

 

Meraki-Umbrella26.png

 

As you can see, the main issue here is that “Cisco Umbrella Root CA” is not trusted.

  1. Here is an example of what we would see in the Wireshark packet capture taken on the client machine:

 

Meraki-Umbrella27.png

 

  1. Most modern browsers (like Chrome, Firefox, Safari) will prevent users from going to a website with an untrusted/unexpected TLS certificate. Typical errors include: "Your connection is not private" (Chrome), "Did Not Connect: Potential Security Issue" (Firefox), or “Safari Can’t Open the page” (Safari). Although the error is expected, the messages displayed can be confusing to end users.

 

To avoid these errors entirely, it’s necessary to install the Cisco Root Certificate on client machines. This can be done on a per-browser or per-machine basis for personal use or small deployments. For larger deployments, an automatic installation through Group Policy (GPO) can be done. Note that the automatic installation through GPO will only work for users with Internet Explorer, Edge, or Chrome on Windows systems. As such, if your network includes users on Firefox or Safari browsers, and for users on non-Windows operating systems, the manual installation procedures must be followed.

Once you have installed the Cisco Root Certificate, users will be presented with Umbrella Block Page even for HTTPS and/or HSTS websites.

Meraki-Umbrella28.png

NOTE: Cisco Umbrella's resolvers live at 208.67.222.222/32 and 208.67.220.220/32; Meraki sends DNS traffic to either one. Make sure any upstream devices allow bi-directional UDP 443 to these addresses.

 

NOTE: The instructions above presume that you have access to an existing Umbrella dashboard. If you do not have such access you can download the Cisco Umbrella Root CA certificate

 

 Screenshot at Mar 31 12-59-22.png

Using the Security Center to View MR DNS Events

The Meraki Security Center provides reporting functionality for MR DNS events for all networks in the organization. To view these reports, navigate to Organization > Security Center > MR DNS Events.

It’s possible to search for a particular blocked website by pretending "uri:" to the search string (e.g. “uri:exampleadult.com”) or a particular blocked client by pretending "client:" to the search string (e.g. client:192.168.219.13).

 

You can also use the Filter option to filter DNS events by type (Content or Security) and/or action (Allowed or Blocked).

Screenshot at Oct 02 11-27-52.png

Note: Content categories are shown in gray in the Categories column while Security categories are shown in red.

Allowed_2.png 

Note: For newly provisioned Umbrella accounts it takes up to 60 minutes to start pulling MR DNS events from the Umbrella dashboard. The same applies to newly added MRs after the Umbrella account has been provisioned. It takes 10-20 minutes to pull any subsequent new events.