Overview
App Discovery now includes Advanced App Controls for users with the Secure Web Gateway (SWG) enabled. Please see: Advanced Application Control for further details. Some functionality examples include:
- Block file uploads to the cloud storage platforms such as Dropbox
- Block file uploads to media applications such as YouTube
- Block Social Media posts to sites such as Facebook and Twitter
- Block Webmail attachments in emails from being uploaded
The requirements for Advanced Application Control include:
- Cisco Umbrella SIG Essentials subscription
- SWG must be enabled
- This is not available for DNS policies
- This is not available for the Intelligent Proxy
Configuration
There are two ways to configure the Advanced Application Control:
1) From the Policy settings:
Select and expand required Policy > Click 'Application Settings' > Search for An Application (e.g Dropbox) > Click the Gear Icon to Enable Advanced App Controls.
2) From the App Discovery report:
Navigate to Reporting > App Discovery > Select the required App > Select the Link 'Edit app Controls'
Reporting
Activity Search will show the “Application Block” along with the name of the app, e.g Box Uploads
Troubleshooting and Raising a Support Case
If the Advanced Application control functionality is failing, please check the following:
- The Application settings are configured in the required Web Policy. You can check the SWG policy by visiting: http://policy-debug.checkumbrella.com
- HTTPS Inspection is enabled in the Web Policy. Advanced App Control will only work if HTTPS inspection is enabled.
- The domain is not exempt from HTTPS inspection: Expand the Web policy > Select the 'Edit' link below 'HTTPS Inspection'.
- The domain (e.g Dropbox.com) is not listed in the 'External Domains & IPs' lists (found under Configuration > Domain Management > External Domains & IPs). Any domains or IPs on this list will bypass the SWG and route to your local resolver. This list applies to PAC file and AnyConnect deployments.
- SWG must be enabled for this feature to work, the Intelligent Proxy is not supported.
- When an application is blocked, the Umbrella block page will not be displayed. Instead, an in-app error message will be displayed.
If you need to raise a support case, please email 'umbrella-support@cisco.com' with the following details:
- The output of http://policy-debug.checkumbrella.com
- The expected policy and identity (e.g. Network name, SAML user, etc)
- The expected outcome and Application setting (e.g block uploads to Dropbox)
Comments
1 comment
please update the web link to Advanced Application control, it returns a 404 non existant error.
Please sign in to leave a comment.