This makes sense on paper, but I am not sure how to implement it, as it would mean moving the appliance to a DMZ in front of the firewall. The appliance would then also need a route back into the network for the AD connector. Can umbrella be set to unencrypted DNS block or block 443 so that DNS requests are sent unencrypted both solutions are not perfect.
... View more