Getting Started – Quickest Setup

For the quickest setup using out-of-the-box defaults, follow the setup in the order shown below and proceed with the Basic Configuration. Once you have the basics in place, you can add a more customized or tailored experience in the Advanced Customization section

To get started, sign in to the portal at https://app.cyberfox.com and add any additional users who will help you manage CyberFOX DNS Filtering. 

Basic Configuration

Start with Policies 

The Allow All policy will be set as your default policy. You’ll want to set up a new “default” policy with the categories you wish to block or filter by clicking on Policies in the left navigation menu to set up a new Policy.

Create your new policy with a unique name for your configuration and add all the necessary categories that you will want to include in that Policy.

Add a Company

Next, you will add a company that you will be setting up to use the new Policy you created. When you make the company, you will allocate the number of licenses (considering the total number of users and devices), set up the email address to notify for any unblocking requests, and establish your new default policy. 

Determine your deployment method. 

CyberFOX DNS Filtering offers two specific deployment types that you can configure to utilize the CyberFOX DNS service: Static Locations and Roaming Devices. Each deployment type has its unique configuration and use cases, ensuring your network's flexibility and security. 

Static Locations

For a static location deployment using a gateway, router, or firewall at an office location, add a location under the company you have just created. This method is the simplest and most effective way to protect all devices at a single location. When you add a static location, you will need to know the public IP address of the location, assign it one of the generic block page templates, and the policy you created. 

Roaming Devices

Roaming devices are designed to move seamlessly between networks while utilizing DNS over HTTPS (DoH) for secure DNS queries. This deployment type is ideal for laptops, mobile devices, and any other devices that require secure DNS resolution, regardless of their physical location.

• Configure Roaming Devices for DoH. You can create a roaming device profile manually or by uploading a CSV for bulk creation. Think of a roaming device as a location within the system where you can assign a unique policy and block page, as well as configure fallback security according to your needs. You can then send the configuration page to the end user, along with instructions on how to configure their device.
   

• Use an Agent-based option for CyberFOX DNS filtering, which provides consistent and robust security across all devices, regardless of their network location. It ensures that DNS filtering policies are enforced even when devices are offline, automatically updates policies without requiring manual intervention, and provides detailed logging for troubleshooting. This can also be deployed using various deployment tools, such as RMMs and Intune. When you install the agent, it will show up as a roaming device under the company for which you downloaded the client. 
   

Advanced Customizations

Once you have mastered the basic setup to add a client or location with some Basic settings, you can add a few more advanced settings to personalize the experience for your end users. 

Create a Custom Block page.

A block page is a web page displayed to users when they attempt to access a website that DNS filtering policies have blocked. It informs the user that the site is restricted and offers options for further action, such as requesting access. Create a custom block page with specific instructions tailored to each location or client.  Once you have created your custom block page, you can edit a company or roaming location to use it. 

Custom Categories

You may want to create a new category for globally allowing or globally denying websites. This way, if any general domain whirtelisting or blacklisting is needed, a global allow and global deny category could be added to your policy, thus enabling you to update multiple customers' and devices' policies with a simple category update.

First, you need to create your custom category. Then, you have to edit the domains for that category. When setting the priority of the category, the higher the number, the more priority that category will have over lower priority rules. All of the default rules are automatically set to zero and cannot be modified.

Domain Reviews and Domain Overrides

When a user attempts to access a blocked domain, they can use the request form on the block page to request access to the domain, which will create a notification and domain review request. When you approve a Domain Review request, that establishes a Domain Override. 

Domain overrides allow specific domains to bypass the general policy applied to all customers. This is useful for scenarios where specific customers need access to particular websites without affecting others. For example, if a customer requires access to a particular website that should not be available to everyone else, a domain override can be used to permit access to that service without modifying the overall policy.

Domain Overrides can be created at three levels:

• Company Level - and will be applied to all locations and devices under the company
• Location Level - this will apply to the specific location, and will take priority over any company-level overrides.
• Roaming Device Level - This setting applies only to the specific roaming device and takes precedence over any company-level or location-level overrides.