In this article
This guide outlines Filtering Policy priorities at the policy and organization level. Reference this guide when creating or troubleshooting policies to confirm the desired filtering outcome.
When creating and applying Filtering Policies, there are two things to keep in mind:
- Allow Lists always win. If a domain is on either the Universal Allow list for the organization or the Allow list of a specific policy no other policy or environment modification can overrule it. If a domain is added to the Universal Block list and a policy Allow list, however, the domain will be allowed when that policy is applied
- The most specific filtering rules are enforced. If Universal Lists are not in use, an Allow Listed domain in a User-applied Filtering Policy is the most specific rule. A domain that's allowed/blocked by a Filtering Category applied to a Network Site has the lowest priority compared to other rules in the policy
Filtering Policy priorities
There is a specific order to how query traffic is treated dependent on where in the Filtering Policy the domain is allowed/blocked.
Find these filtering options from the DNSFilter dashboard under Policies.
This list is presented from highest priority—a domain listed here is prioritized over any other placement—to lowest priority—if the domain appears on any list above this priority that action should be expected.
Filtering Policy priority:
- Universal Allow List
- Allow List
- Universal Block List
- Block List
- Uncategorized domains
- Filtering Category (this includes policy selections under Threats, AppAware, and Extra Settings)
Organization environment priorities
With pricing plans Pro and above, Filtering Policies can be applied to Users, Collections, Relays, Roaming Clients, and Network Sites. Applying a Filtering Policy to the wrong environment attribute can disrupt usage or allow unwanted threats into the environment.
This list displays available Filtering Policy levels from most specific—a policy applied here will trump a policy applied to any other attribute—to most broad—a blanket rule that can be overruled by policies set on any of the other environment attributes.
Find these settings from the DNSFilter dashboard under Deployments.
- Users
- Collections
- Roaming Clients
- Relays (only applicable when a Relay is deployed)
- Sites
Need some troubleshooting help? These related support articles can help configure Filtering Policies.
Comments
0 comments
Please sign in to leave a comment.