We should be able to give a site or agent a Policy, that policy should be able to just inherit another policy, using whole policy chain before it and over riding all prior policies - this allows us to do a BLOCK ALL (or strict default policy), and on a selective basis, allow more freedom - so in our example, we would want "WHITELIST ONLY" for the whole site, and then 3 in mission critical sites available for one policy + the whitelist only, then the second policy will be mission critical + whitelist, but would allow us to say trusted user, can access a few more less required sites
Control D just introduced this feature. I'm switching from DNSFilter, as what they currently offer is perfect for my org. https://docs.controld.com/docs/multiple-enforced-profiles
This is the only thing stopping us from switching from Cisco Umbrella. Under Cisco we can maintain a global list of malicious sites and by adding one entry have it sent to all our clients. It's a must have.
We generally block access to drugs & alcohol etc, a layered policy would allow us to not filter those for clients that are in or work with those industries.
Michael: Have you seen our recent launch of Universal Lists? This introduces global Allow and Block lists for domains that apply to all policies and clients.
Nick Saunders: unfortunately, this still misses the mark. unless you allow for many lists, with the ability to turn them off or on for different clients.
some sites will need stuff from the 1 global whitelist you provide, but we may not want other sites to have the same level of blocking/whitelisting.
there needs to be the ability to layer, down to a workstation level.
Allen: Totally get there's still a gap on the layered policies and appreciate the interest, we think Universal Lists is a step in the right direction and hope to continue with more granularity future release. Thanks
Definitely need this feature. Nested or sub policies would be a very useful feature.
Alternative thought on this is maybe Globally created custom AppAware Categories, so we could make our own block policies on a global level and then turn them on or off per site.
Any updates on this feature?
marked this post as
Merged in a post:
Assign multiple policies to one user
We would like to create a layered structure of policies where you can groups of users (like in DC groups).
Imagine that we have two group of users i.e. A and B as well as two policies “block social-media” and “block bad-webs”. We may want to have the policy “block bad-webs” for both group A,B but “block social-media” just for the group A. This is important because otherwise, every small change has to be made for every single policy. For example, if you want to enable a website, if you don't use the proposed structure, you would need to create the rule in both policies. (What if we have 15 policies?? = nightmare).
Yes we need to be able to apply multiple policies to a single site.
Lee's example is perfect. Need to be able have a Global Policy that covers all sites plus then layer on a 2nd policy that is specific to a site.
Josh Lamb That would work also, i was thinking more on the lines of assigning more than one policy to one site allowing us to create a policy called "Anti Spam Sites or Master Block Lists" and apply that to more than one site. This will still give the site the ability to have their own but we can add a site such as youtube.com to a single policy and all sites block it instantly. What you say below also sounds just like this, just wanted to explain the ideas or thoughts i had. Sorry for the delay.