Support for Layering/Inheriting Policy Settings across Orgs/Sites
under review ( scoping )
Allen Bolderoff
We should be able to give a site or agent a Policy, that policy should be able to just inherit another policy, using whole policy chain before it and over riding all prior policies - this allows us to do a BLOCK ALL (or strict default policy), and on a selective basis, allow more freedom - so in our example, we would want "WHITELIST ONLY" for the whole site, and then 3 in mission critical sites available for one policy + the whitelist only, then the second policy will be mission critical + whitelist, but would allow us to say trusted user, can access a few more less required sites
Lennart Friberg
This exact feature just got requested from our client. They have this feature with ZScaler and now moving to DNSFilter, but missing their restricted policies with cross allow rules between policies.
Jerry Ketterling
I want the same thing. Id be even happy with SIMPLE program logic that most computer languages support. The Concept of GLOBAL should automatically be visible and ASSIGNED to all lower leaf nodes unless the lower leaf node overrides and or redefines it.
Jerry Ketterling
I agree .. Things at the GLOBAL level should inherit downward automatically until over-ridden by specialization at the Organization or Site level. Speaking of which- the ORGANIZATION should also have its own "pseudo global level" that applies to all their SITES until it is overridden by a specific SITE policy or block page. GLOBAL BLOCK pages should also inherit downward. It would be helpful if the concept of GLOBAL was more akin to PROGRAMING languages. Variable declared GLOBAL are in force at every lower layer and automatically inherited until they are declared as STATIC or overridden at a lower layer. I think this would solve a lot of requests if we let the PROGRAMERS use programatic logic to defined DNSFilter inheritance and application within the MSP platform.
A
Ahamed
Does this still not have a definitive date?
Derek Wells
Ran this one by DNSF support today, unfortunately still not possible, I would need to add to universal list, allowing for all clients. :(
Kevin Hammond
Derek Wells In the same boat and spoke to support today and still no go on this. Really hoping this comes out soon as its been a huge downfall to the product.
Steve Staden
Merged in a post:
Weight Based Policies
Josh
It would be great if we could have the ability to give weight to policies. Such that a computer policy with a weight of 1 would take precedence over a user policy with a weight of 5. This would allow us to make sure policies apply as we see fit instead of only relying on proper scoping and assignment of policies.
This should just fall back on the defaults when not in use.
Seán O'Halloran
I think this is a very critical feature that should be implemented ASAP
David
This would definitely be appreciated. Have a global policy for a client and needed to add an exception for a user for a specific application. Ended up having to clone the global policy to the site level and then assign the cloned policy with the modifications to that user. Except now if we change the global policy we now have to remember to change the user specific policy. very inefficient and easily prone to errors or inconsistency without some form of inheritance. If it was layered it would decrease admin overhead for an MSP.
Kevin Hammond
This is exactly what we want/need as well. Coming from Forcepoint where this was all easily accomplished and now need 30 different policies to meet those one off users that just need access to one or two sites outside the normal policy.
Nakia Matthews
Just adding another MSSP voice here. Our specific use case is that we apply a global policy to all customers so that we can easily add or remove categories or other settings across all customers if necessary. However, if a customer requests a site be blocked or allowed, at the moment I cannot limit that block or allow to just that customer. I would have to do it globally and that is no bueno.
Jerry Ketterling
Nakia Matthews, TOTALLY agree with you..
Michael Moyse
This is the only thing stopping us from switching from Cisco Umbrella. Under Cisco we can maintain a global list of malicious sites and by adding one entry have it sent to all our clients. It's a must have.
We generally block access to drugs & alcohol etc, a layered policy would allow us to not filter those for clients that are in or work with those industries.
Nick Saunders
Michael Moyse: Have you seen our recent launch of Universal Lists? This introduces global Allow and Block lists for domains that apply to all policies and clients.
Allen Bolderoff
Nick Saunders: unfortunately, this still misses the mark. unless you allow for many lists, with the ability to turn them off or on for different clients.
some sites will need stuff from the 1 global whitelist you provide, but we may not want other sites to have the same level of blocking/whitelisting.
there needs to be the ability to layer, down to a workstation level.
Nick Saunders
Allen Bolderoff: Totally get there's still a gap on the layered policies and appreciate the interest, we think Universal Lists is a step in the right direction and hope to continue with more granularity future release. Thanks
Load More
→