Layered Policies
under review
Allen
We should be able to give a site or agent a Policy, that policy should be able to just inherit another policy, using whole policy chain before it and overriding all prior policies - this allows us to do a BLOCK ALL (or strict default policy), and on a selective basis, allow more freedom - so in our example, we would want "WHITELIST ONLY" for the whole site, and then 3 in mission critical sites available for one policy + the whitelist only, then the second policy will be mission critical + whitelist, but would allow us to say trusted user, can access a few more less required sites.
David
This would definitely be appreciated. Have a global policy for a client and needed to add an exception for a user for a specific application. Ended up having to clone the global policy to the site level and then assign the cloned policy with the modifications to that user. Except now if we change the global policy we now have to remember to change the user-specific policy. Very inefficient and easily prone to errors or inconsistency without some form of inheritance. If it was layered it would decrease admin overhead for an MSP.
Nakia
Just adding another MSSP voice here. Our specific use case is that we apply a global policy to all customers so that we can easily add or remove categories or other settings across all customers if necessary. However, if a customer requests a site be blocked or allowed, at the moment I cannot limit that block or allow to just that customer. I would have to do it globally and that is no bueno.
Kern
Control D just introduced this feature. I'm switching from DNSFilter, as what they currently offer is perfect for my org. https://docs.controld.com/docs/multiple-enforced-profiles
Michael
This is the only thing stopping us from switching from Cisco Umbrella. Under Cisco we can maintain a global list of malicious sites and by adding one entry have it sent to all our clients. It's a must have.
We generally block access to drugs & alcohol etc, a layered policy would allow us to not filter those for clients that are in or work with those industries.
Nick Saunders
Michael: Have you seen our recent launch of Universal Lists? This introduces global Allow and Block lists for domains that apply to all policies and clients.
Allen
Nick Saunders: Unfortunately, this still misses the mark. Unless you allow for many lists, with the ability to turn them off or on for different clients.
Some sites will need stuff from the 1 global whitelist you provide, but we may not want other sites to have the same level of blocking/whitelisting.
There needs to be the ability to layer, down to a workstation level.
Nick Saunders
Allen: Totally get there's still a gap on the layered policies and appreciate the interest. We think Universal Lists is a step in the right direction and hope to continue with more granularity in a future release. Thanks
Andy
Definitely need this feature. Nested or sub policies would be a very useful feature.
William
Alternative thought on this is maybe Globally created custom AppAware Categories, so we could make our own block policies on a global level and then turn them on or off per site.
Ahamed
Any updates on this feature?
Aliese
under review
Mikey @DNSFilter
Merged in a post:
Assign multiple policies to one user
Pau
We would like to create a layered structure of policies where you can group users (like in DC groups).
Imagine that we have two groups of users, i.e. A and B, as well as two policies “block social-media” and “block bad-webs”. We may want to have the policy “block bad-webs” for both groups A and B, but “block social-media” just for group A. This is important because otherwise, every small change has to be made for every single policy. For example, if you want to enable a website, if you don't use the proposed structure, you would need to create the rule in both policies. (What if we have 15 policies?? = nightmare).
Cheers!
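The layering requested in this thread, sketched as an added example (not DNSFilter's or any other vendor's code): each policy inherits a parent, the nearest layer with a matching rule decides, and anything unmatched falls back to the nearest default, failing closed. The `Policy` class, the `resolve` function, and the `.example` domains are all hypothetical names constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Policy:
    name: str
    parent: Optional["Policy"] = None
    default: Optional[str] = None               # "allow" / "block"; None inherits
    rules: dict = field(default_factory=dict)   # domain suffix -> "allow" / "block"

    def chain(self):
        """Layers from this policy up to the root; rejects inheritance loops."""
        seen, layers, node = set(), [], self
        while node is not None:
            if id(node) in seen:
                raise ValueError(f"inheritance cycle at {node.name!r}")
            seen.add(id(node))
            layers.append(node)
            node = node.parent
        return layers

def match(rules, domain):
    """Verdict of the most specific suffix rule covering domain, else None."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        verdict = rules.get(".".join(labels[i:]))
        if verdict:
            return verdict
    return None

def resolve(policy, domain):
    """Return (verdict, deciding layer). The nearest layer with a rule wins."""
    layers = policy.chain()
    for layer in layers:
        verdict = match(layer.rules, domain)
        if verdict:
            return verdict, layer.name
    for layer in layers:
        if layer.default:
            return layer.default, layer.name + " default"
    return "block", "implicit default"        # fail closed when nothing is set

# Constructed sample layers; all names and domains are made up.
GLOBAL = Policy("global", default="block", rules={"intranet.example": "allow"})
CRITICAL = Policy("mission-critical", GLOBAL, rules={"erp.example": "allow"})
TRUSTED = Policy("trusted-user", CRITICAL,
                 rules={"news.example": "allow", "ads.news.example": "block"})

if __name__ == "__main__":
    for name in ("erp.example", "www.news.example", "ads.news.example", "other.example"):
        print(name, resolve(TRUSTED, name))
```

Because child layers hold only their own exceptions, a rule added to the global layer reaches every descendant without cloning, and returning the deciding layer name makes each verdict auditable.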