Meraki

Community

Umbrella blocking employer.carefirst.com ?

Solved
from_afar
Building a reputation
yesterday
yesterday

Umbrella blocking employer.carefirst.com ?

Anyone else seeing employer.carefirst.com being blocked? Strange because member.carefirst.com works OK, but employer just sits there until it times out. I don't see anything being blocked in the Reports, but I don't have anything else that could be blocking it. 

 

I tried adding to the "allow list" destination list as well as the allow list in URL blocking in Meraki interface. 

 

I'm just wondering if they are blocking the proxy addresses or something because I don't see what else is blocking it (I can get to the site fine on WiFi which is on a different network that doesn't run on Meraki or have Umbrella). 

Labels:
0 Kudos
1 Accepted Solution
from_afar
Building a reputation
yesterday
yesterday

Adding the URL to the Bypass Umbrella, Domain Allow lists, URL filtering allow list and AMP bypass did not work. However, adding it to Domain Management > External Domains & IP's in Umbrella finally allowed it to load. I don't understand why it didn't show in any of the reporting as being blocked nor proxied, passed all Policy Testing tests and especially why the Bypass Umbrella "Specify one or more domain names below (one per row) to be excluded from being routed to Cisco Umbrella." entry did not work. 

View solution in original post

0 Kudos
5 Replies 5
RWelch
A model citizen
yesterday
yesterday

Reputation Lookup || Cisco Talos Intelligence  doesn't show it's a threat.  I would look to see if you happen to have certain countries allowed/prohibited (maybe)?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RWelch
from_afar
Building a reputation
yesterday
yesterday

Thanks. No countries being blocked. Finally got it working via Umbrella External Domain and IP list. 😤

0 Kudos
from_afar
Building a reputation
yesterday
yesterday

Adding the URL to the Bypass Umbrella, Domain Allow lists, URL filtering allow list and AMP bypass did not work. However, adding it to Domain Management > External Domains & IP's in Umbrella finally allowed it to load. I don't understand why it didn't show in any of the reporting as being blocked nor proxied, passed all Policy Testing tests and especially why the Bypass Umbrella "Specify one or more domain names below (one per row) to be excluded from being routed to Cisco Umbrella." entry did not work. 

0 Kudos
In response to from_afar
Brash
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Adding the domain to "External Domains & IP's" essentially completely bypasses Umbrella for requests to this domain. Given adding it to the whitelist didn't resolve it, it's most likely it was being impacted by:
 - Intelligent Proxy

 - SSL decryption (if you're using SWG)

 - File Analysis

0 Kudos
In response to Brash
from_afar
Building a reputation
5 hours ago
5 hours ago

Possibly. I added it to every bypass/whitelist I could find and only the final step actually worked. Maybe I missed one? I have Health and Fitness (it is an insurance website so should fall in there) selected as Exempt in Intelligent Proxy/SSL selective decryption exemptions. File analysis is not enabled. 

 

I also thought that adding the domain to Meraki UI > Security & SD-Wan > Threat protection > Umbrella protection > "Specify one or more domain names below (one per row) to be excluded from being routed to Cisco Umbrella." would completely bypass Umbrella but that didn't seem to work...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.