I am using Cisco DNS Umbrella for my DHCP clients and it's blocking a legitimate site. How can I overcome this issue?
I understand, but I don't have access to the Umbrella DNS.
I am using the Meraki Security and SD-WAN > Configure > DHCP > DNS nameservers: use Umbrella
This is a free service and there is no subscription.
Configuring the DNS servers for Umbrella just assigns the 208.x.x.x server IPs to client IP leases. There should be no Umbrella enforcement policies in play. The Umbrella block page is being served up from Umbrella. Neither the MX nor the Meraki dashboard would/can present that page.
Before allowing anything and overriding a security system - you need to satisfy yourself that it has not been compromised. You could do some Google searches on the domain, perhaps check with the site operator if they know why Umbrella would be listing it as having been used for phishing. Ideally, have the site owners run an external security scan.
Umbrella does not usually get phishing warnings wrong. You should err on the side of caution.
Next, if you are satisfied Umbrella really is wrong, you can't override anything with a free Umbrella account. You need a paid account to be able to whitelist domains.
From reading further down, it sounds like you are using a free account. That being the case, I only see two options:
1. Stop using Umbrella temporarily.
2. Change to a paid account. You can get more info at https://umbrella.cisco.com/
Also, I would take extra special precautions accessing this site for the moment (assuming you override Umbrella) because you are increasing your risk posture. Let users know there is an elevated risk accessing the site and they should be extra careful clicking on links to verify if they are real or fraudulent, and to be careful of anything asking for passwords, personal information, etc. They should be looking for anything unusual or for differences in behaviour.
I would also double-check that the anti-malware on the machines accessing the site is right up to date.
Just did some googling and testing. If I change my default Firefox settings I get the same block page from Umbrella when going to the URL you mentioned.
By default Firefox is set to use Cloudflare for DNS over HTTPS. When I set it to use custom https://doh.opendns.com/dns-query I get the block page when trying to access loft.hometrust.ca.
Did someone perhaps change the browser settings on your machines to use some non-default DNS config?
Talos, BrightCloud and VirusTotal say that there is no threat known to this site. Either Umbrella has seen something very recently or it is a misclassification that should be gone anytime soon.
If your recently configured domain is blocked by Cisco Umbrella, please wait 13 days for Umbrella to properly classify your domain and automatically unblock it. If you have an urgent need to add a domain to your allow list, click the Request Allow List Review button on the right to submit your request.