Layered Policies
under review (next candidate)
Allen
We should be able to give a site or agent a Policy, that policy should be able to just inherit another policy, using whole policy chain before it and over riding all prior policies - this allows us to do a BLOCK ALL (or strict default policy), and on a selective basis, allow more freedom - so in our example, we would want "WHITELIST ONLY" for the whole site, and then 3 in mission critical sites available for one policy + the whitelist only, then the second policy will be mission critical + whitelist, but would allow us to say trusted user, can access a few more less required sites
Derek
Ran this one by DNSF support today, unfortunately still not possible, I would need to add to universal list, allowing for all clients. :(
Steve Staden
Merged in a post:
Weight Based Policies
Josh
It would be great if we could have the ability to give weight to policies. Such that a computer policy with a weight of 1 would take precedence over a user policy with a weight of 5. This would allow us to make sure policies apply as we see fit instead of only relying on proper scoping and assignment of policies.
This should just fall back on the defaults when not in use.
Seán
I think this is a very critical feature that should be implemented ASAP
David
This would definitely be appreciated. Have a global policy for a client and needed to add an exception for a user for a specific application. Ended up having to clone the global policy to the site level and then assign the cloned policy with the modifications to that user. Except now if we change the global policy we now have to remember to change the user specific policy. very inefficient and easily prone to errors or inconsistency without some form of inheritance. If it was layered it would decrease admin overhead for an MSP.
Nakia
Just adding another MSSP voice here. Our specific use case is that we apply a global policy to all customers so that we can easily add or remove categories or other settings across all customers if necessary. However, if a customer requests a site be blocked or allowed, at the moment I cannot limit that block or allow to just that customer. I would have to do it globally and that is no bueno.
Kern
Control D just introduced this feature. I'm switching from DNSFilter, as what they currently offer is perfect for my org. https://docs.controld.com/docs/multiple-enforced-profiles
Michael
This is the only thing stopping us from switching from Cisco Umbrella. Under Cisco we can maintain a global list of malicious sites and by adding one entry have it sent to all our clients. It's a must have.
We generally block access to drugs & alcohol etc, a layered policy would allow us to not filter those for clients that are in or work with those industries.
Nick Saunders
Michael: Have you seen our recent launch of Universal Lists? This introduces global Allow and Block lists for domains that apply to all policies and clients.
Allen
Nick Saunders: unfortunately, this still misses the mark. unless you allow for many lists, with the ability to turn them off or on for different clients.
some sites will need stuff from the 1 global whitelist you provide, but we may not want other sites to have the same level of blocking/whitelisting.
there needs to be the ability to layer, down to a workstation level.
Nick Saunders
Allen: Totally get there's still a gap on the layered policies and appreciate the interest, we think Universal Lists is a step in the right direction and hope to continue with more granularity future release. Thanks
Andy
Definitely need this feature. Nested or sub policies would be a very useful feature.
William
Alternative thought on this is maybe Globally created custom AppAware Categories, so we could make our own block policies on a global level and then turn them on or off per site.
Ahamed
Any updates on this feature?
Load More
→