Network Device Migrations: Understanding your new Umbrella Dashboard

Overview: What to Expect with your new Dashboard

NOTE:  This article is only for customers who are on the following network devices and have an integration with OpenDNS on the device:  Aruba Networks, Aerohive or Cradlepoint.  If you are not part of that portion of our customer base, the information below is non-applicable. 

Welcome to your new OpenDNS Dashboard experience!

As part of this upgrade, you'll be receiving a different interface than the older one you're probably used to but that change also brings with it some new features.  This dashboard is called the OpenDNS Umbrella Dashboard and is the most modern interface for managing your OpenDNS information.

First, your network device (or router) you're using OpenDNS with is now identified as a Network Device in your Dashboard. A Network Device is dubbed as an "Identity" within this dashboard and you can add a policy that applies to the network device (and all traffic from computers behind it).  You're also able to report on the traffic originating from your Network Device.

In addition, you can manage the Network Device itself-- whether that's adding another device to your account or removing the device.  This article goes over some of these new features, including the 4 steps to updating your policies and how to run reports. 

Adding, Managing or Removing a Network Device

Your Network Device (Aruba, Cradlepoint or Aerohive device) should already be present if you've upgraded from the previous dashboard.   You can see the device in your Dashboard under Configuration > Identities > Network Devices similar to the image below:

A device is registered with OpenDNS through one of two methods.  Authentication to register is provided in the device itself-- in the form of a username and password, or in the form of an API token and key.  Aruba, Cradlepoint and Aerohive devices are all authenticated via a username and password in the device and if had registered it with your old dashboard already, the device should already be there.  Information about the API key can be ignored. 

If you wish to add additional devices, simply authenticate those devices with OpenDNS as you've done with the device(s) that are already present in the dashboard. 

To remove a device, you must remove the authentication from the device first (or simply take the device offline if you're decommissioning it.)  Otherwise, even if it has been deleted from the dashboard, the device will reappear in the dashboard when it sends additional traffic.  Once authentication has been removed from the device, it can be deleted from the dashboard.

Creating and Applying a Policy for your Network Device

There's a single default policy already created for you and that's applied to your existing Network Device, it's named the Default Policy.  If you only have 1 device, or if you'd like a single policy for all your devices, we recommend that you use the existing Default Policy.

There are actually two Identities in your policy:  a Network Device, or Network Device(s) and Networks.  Networks are Identities that can be configured for additional networks that aren't running registered Network Devices.  For more about how to configure Networks, read here: https://support.opendns.com/entries/22364046

Policies can be viewed and updated from Configuration > Policies in the Dashboard.  

These steps apply when editing the default policy or adding a new policy. The default policy applies to all identities when no other policy above it covers that identity.  In other words, the OpenDNS Default policy is a catch-all to ensure all identities within your organization receive a baseline level of protection. 

If creating a new policy, please refer to Step 1 below.

Step 1: Create your Policy & Select Identities

Go to Configuration -> Policies  and click “create a new policy” or select Default Policy. Select any or all of the identities that you've created in the previous steps. If you chose Default Policy, all identities will be selected.

 

The first step in editing a policy is to select the identities to which the policy will be applied. This will determine who(m) these settings will apply. This can be any combination of Identities available in your account, either a single Network Device or multiple Network Devices. 

Step 2: Select Policy Settings

Policy settings contain content filtering, security, and domain list settings. Each of these settings are broken down below.

• a. Category Settings - these settings filter types of content based on your Organization's acceptable use policies.
• b. Security Settings - these settings set the types of security settings you'd like to have in place to protect yourself on the Internet.
• c. Domain Lists - If you have particular domains you'd like to allow or block, add them to a domain list. There are two by default, block or allow, and you can create more to organize groups of domains.

	a. Category Settings: These settings allow the selection of content categories to be blocked for the Identities selected in Step 1 of the Policy Editor. By default, no content categories are blocked. A list of all categories and details for each is here. To create a new set of content filtering rules, click "add new settings" on the Policy Editor, or select an existing saved setting from the drop down menu. Adding a new setting or clicking on the name of the setting will bring up the Category Settings editor shown to the left. Here the content filtering settings can be modified. Whitelist-Only mode: If checked, only domains explicitly allowed on a domain list (see section c below) will be allowed. Since many websites require many content domains, this option may take time to build a domain list.  We do not recommend using this option for most customers.
	b. Security Settings: These settings allow the configuration of which security type threats are blocked. Malware and Drive-By downloads as well as mobile threats cannot be disabled. Options include enabling blocking of DDNS-hosted domains. The Intelligent Proxy may also be activated on select packages, and this allows for URL-based malware filtering for domains with legitimate content where some pages may contain malicious files.
	c. Domain Lists: Domain lists allow the customization of filtering by creating a list of domains that are explicitly blocked or allowed. Note that each domain list can be set to be a block list (default) or an allow list. We recommend adding domains in the format "domain.com" rather than www.domain.com to ensure *.domain.com is included. Allow list entries will always take precedence over block list entries. For example: Blocking domain.com and adding mail.domain.com to the whitelist will still allow mail.domain.com.  Adding domain.com to the Allow List and blocking sub.domain.com will still allow sub.domain.com. Note: Domain lists are not saved until the Save (Add for new lists) is clicked, despite appearing in the list view after entering it. For more information, please see our detailed article on adding/removing domains from a Domain List.

 

Step 3: Select Block Page Settings

Block Page Settings outlines how to configure a unique block page for your users, as well as how to bypass that block page if need be. Each of these settings are broken down below.

• a. Block Page Settings - these settings let you customize the block page appearance, redirect to a custom domain, and more.
• b. Bypass Users - Users who can log in to bypass block pages on this policy. 
• c. Bypass Codes - Codes who can log in to bypass block pages on this policy.

	a. Block Page Settings: This settings allow for the customization of the block page. Choose a generic message across all block pages, or customize the message per type of block page. The block can also redirect to a custom URL. If not redirecting to a custom URL, a contact form can be added to allow blocked users to contact the administrator at the email provided. Finally, a custom logo can be uploaded to be displayed on the block page in place of the OpenDNS logo.
	b. Bypass Users: A bypass user can log in (when added to the policy) to bypass the selected type of block pages. Note that the user must already exist on the Dashboard to be added as a Bypass User (from System Settings -> Accounts).
	c. Domain Lists: Bypass codes can be created to allow blocked users to bypass the block page. When enabled (with the check mark) on the policy, the selected categories and/or domains can be bypassed. Ensure to set an expiration for the code, or the default will expire within an hour.

 

Step 4: Set Policy Details

Finally, the name of the Policy may be edited, and logging settings chosen. Logging enabled is recommended to start out to ensure that the desired settings are active. Logging settings are "Logging Enabled" for full logging, "Content Logging Disabled" for security logging only, and "Logging Disabled" to disable all logging.  Policy settings are only saved after clicking the Save button. All changes will be lost unless the Save button is clicked.

Reporting on your Network Device

To check out information coming from your Network Devices, go to the Reports section of the Umbrella Dashboard.  The following reports will be available:

Activity Search:  Activity in your environment over the selected time period. Filterable by Identity, destination, source IP, response, content category, and security category. Security Activity:  Security-related activity in your environment, including malware, Command and Control Callback, and all other security categories over the selected time period. Filterable by Identity, destination, and security category. Total Requests:  Total requests for destinations from your organization over the selected time period. Filterable by Identity. Activity Volume:  Total queries within your organization broken down by security categories and results over the selected time period. Filterable by Identity. This report has two views: Snapshot (table) and Trend Over Time (graph). Top Domains:  A list of the most requested domains within your organization over the selected time period. Filterable by Identity, response, destination, content category, and security category. Top Categories:  A list of the top content categories for your organization over the selected time period. Filterable by Identity and response. Top Identities: A list of the top traffic-generating Identities over the selected time period. Filterable by Identity and destination.  Exported Reports gives you a list of the exported versions any of the Reports above. Admin Audit Log is the ability to check to see who has made changes to your Dashboard.