[{"_id":"project-settings","settings":{"translateMetaTags":true,"translateAriaLabels":true,"translateTitle":true,"showWidget":true,"customWidget":{"theme":"custom","font":"rgb(255,255,255)","header":"rgb(4, 159, 217)","background":"rgba(0, 0, 0,0.8)","position":"right","positionVertical":"bottom","border":"rgb(163,163,163)","borderRequired":false,"widgetCompact":true},"widgetLanguages":[{"code":"de","name":"Deutsch"},{"code":"es-LA","name":"Español (América Latina)"},{"code":"fr","name":"Français"},{"code":"it","name":"Italiano"},{"code":"ja","name":"日本語"},{"code":"ko","name":"한국어"},{"code":"pt-BR","name":"Português (Brasil)"},{"code":"ru","name":"Русский"},{"code":"zh-TW","name":"中文(繁體)"}],"activeLanguages":{"ja":"日本語","de":"Deutsch","es-LA":"Español (América Latina)","fr":"Français","it":"Italiano","ko":"한국어","pt-BR":"Português (Brasil)","ru":"Русский","zh-TW":"中文(繁體)","fr-CA":"Français (Canada)","en":"English"},"enabledLanguages":["en","fr-CA","ja"],"debugInfo":true,"displayBranding":false,"displayBrandingName":false,"localizeImages":false,"localizeImagesLimit":false,"localizeAudio":false,"localizeAudioLimit":false,"localizeDates":false,"disabledPages":["/umbrella\\-dns\\-gov(/?|$)","/umbrella\\-sig\\-gov(/?|$)","^/umbrella\\-dns\\-gov$(/?|$)","^/umbrella\\-sig\\-gov$(/?|$)"],"regexPhrases":[{"phrase":"#<var num-days=\"\"></var> days ago","candidate":"#","variables":["<var num-days=\"\"></var>"],"regex":"^#([\\d ]+) days ago$"},{"phrase":"#Updated about <var num-hours=\"\"></var> hours ago","candidate":"#Updated about ","variables":["<var num-hours=\"\"></var>"],"regex":"^#Updated about ([\\d ]+) hours ago$"},{"phrase":"#Updated <var num-months=\"\"></var> months ago","candidate":"#Updated ","variables":["<var num-months=\"\"></var>"],"regex":"^#Updated ([\\d ]+) months ago$"},{"phrase":"#<var num-months=\"\"></var> months ago","candidate":"#","variables":["<var num-months=\"\"></var>"],"regex":"^#([\\d ]+) months ago$"},{"phrase":"#Updated <var num-years=\"\"></var> years ago","candidate":"#Updated ","variables":["<var num-years=\"\"></var>"],"regex":"^#Updated ([\\d ]+) years ago$"},{"phrase":"#about <var num-years=\"\"></var> years ago","candidate":"#about ","variables":["<var num-years=\"\"></var>"],"regex":"^#about ([\\d ]+) years ago$"},{"phrase":"#Skip link to Step <var step=\"\"></var> – View Logs in the App","candidate":"#Skip link to Step ","variables":["<var step=\"\"></var>"],"regex":"^#Skip link to Step ([\\d ]{1,2}) – View Logs in the App$"}],"allowComplexCssSelectors":false,"blockedClasses":false,"blockedIds":false,"phraseDetection":true,"customDomainSettings":[],"seoSetting":[],"translateSource":false,"overage":false,"detectPhraseFromAllLanguage":false,"googleAnalytics":false,"mixpanel":false,"heap":false,"blockedComplexSelectors":[]},"version":28039},{"_id":"en","source":"en","pluralFn":"return n != 1 ? 1 : 0;","pluralForm":2,"dictionary":{},"version":28039},{"_id":"outdated","outdated":{"#to provision users or groups in your organization.":1,"#source ip anchoring":1,"#source ip anc":1,"#Skipping ads...":1,"#For VPN connections":1,"#ZTAANdroid":1,"#crowd":1,"#edr":1,"#TNS":1,"#paexpire":1,"#license expire":1,"#DecryptionSecurity Profiles":1,"#dynamic sop":1,"#Traffic stearinnu":1,"#Traficc":1,"#5 minutes ago":1,"#The Cisco Secure Access policy is the collection of an organization's internet and private access rules. You can define composite source and destination components on Access rules. A composite source or destination may include multiple network address components. For composite sources, add IPv4 addr...":1,"#No search results for ‘New/Modified commands: external-browser’.":1,"#webAuth":1,"#FIDO":1,"#DMS Category":1,"#In Secure Access, when identities, such as networks or roaming computers, are pointed to the Secure Access DNS resolvers and when an internet request is made, the first thing that happens is the DNS resolver determines whether a domain is either allowed (safe), blocked or ‘risky.’ If it’s allowed, you’ll get the correct IP address of the domain returned the client. If it’s blocked, the IP of our block page lander is returned. If it’s ‘risky’, the resolver returns the IP of the intelligent proxy. The proxy authenticates the client (using redirects to a unique domain) and an allowed URL or file is permitted or blocked.":1,"#File Inspection employs Cisco Secure Access packages intelligent proxy in order to have some domains proxied through our cloud but not others. The intelligent proxy is a cornerstone of how we do advanced protection in the cloud. For more information, see <a ljsid-1=\"\">Enable the Intelligent Proxy</a>.":1,"#The file is captured in our proxy, scanned to determine if a threat exists, and if so, it's blocked from being downloaded. This file can be an explicit download, such as when a user clicks on a link in an email or a download that happens behind the scenes, in so-called 'drive-by download' scenarios. This is reported on in your Cisco Secure Access packages security activity report and the activity search so you can review what was blocked.":1,"#Not all features described here are available to all Secure Access packages. To determine your current package, navigate to Admin &gt; Licensing. For more information, see <a ljsid-1=\"\">Determine Your Current Package</a>.":1,"#Archives (such as .zip or .rar files) are decompressed and scanned to a maximum of 16 levels of recursion. Files compressed above 16 levels of recursion are blocked. A password-protected archive is not scanned as it cannot be decompressed without the password, however, it will be blocked under the antivirus' Protected Archive category. If there is a scanning error or the file is found to be corrupt or otherwise encrypted, Secure Access blocks that as well. Since we have determined already that the domain could contain risky files, we're taking the safest options when scanning files from those domains.":1,"#The antivirus scanner attempts to scan all files. Secure Access begins streaming large files from the proxy to the user after scanning the first 50mb in order to ensure that the user starts receiving the download while scanning continues in the background. As soon as a file is identified as malicious, the connection is terminated. For larger files, the user may initially experience a brief lag, but should still receive the entire file as quickly as normal—unless it's malicious.":1,"#File Inspection expands the visibility and enforcement capabilities of Secure Access, protecting against more attack vectors for more users. The ability to inspect files is performed in the cloud, not on-premises, so there is no need for additional hardware or software to be installed.":1,"#There's no reason to proxy requests to domains that are already known to be safe or bad. Secure Access’s intelligent proxy only routes the requests for risky domains for deeper inspection.":1,"#Secure Access's predictive intelligence allows it to determine what gets proxied; thus, not all traffic is proxied. Some domains Secure Access knows are bad—these domains are stopped immediately by Secure Access's DNS service. Other domains Secure Access knows are always going to be good—these domains are always allowed by Secure Access's DNS service and are never proxied. For domains that are on Secure Access's grey list, Secure Access proxies HTTP and HTTPS traffic to and from the device to protect you from accessing malicious files.":1,"#Secure Access's services are cloud-based and scale to handle any amount of internet traffic.":1,"#With the intelligent proxy, if a site is considered potentially suspicious or could host malicious content, Secure Access returns the intelligent proxy's IP address. The request to that domain is then routed through our cloud-based secure gateway, and malicious content is found and stopped before it's sent to you.":1,"#Normally, when you send a DNS request to Secure Access's DNS resolvers, we check to see if it's a malicious site, registered on a destination list, or if it's blocked by a content setting. If it is blocked, Secure Access returns a block page for the request. If it's not blocked, Secure Access returns the IP address of the domain and you can visit the site.":1,"#The intelligent proxy is built using a container-based microservices architecture. The proxy itself, and the services Secure Access integrates into the proxy, run and auto-scale independently from one another. For example, if the proxy notices a lot of files coming through for antivirus (AV) scanning, it automatically scales and provides more capacity for that function. This results in more effective performance for the intelligent proxy.":1,"#With the intelligent proxy, Secure Access avoids the need to proxy requests to domains that are already known to be safe or bad. Most phishing, malware, ransomware, and other threats are hosted on domains that are classified as malicious. It's simple: Secure Access blocks those threats at the DNS layer, with no need to proxy. If a domain poses no threat, such as a content-carrying domain (CDN) for Netflix or YouTube, Secure Access allows the domain, and again, no proxy is required.":1,"#Secure Access's intelligent proxy intercepts and proxies requests for URLs, potentially malicious files, and domain names associated with certain uncategorized or unknown domains. Some websites, especially those with large user communities or the ability to upload and share files, have content that most users want to access but also pose a risk because of the possibility of hosting malware. Administrators don't want to block access to an unknown domain for all users, but they also don't want your users to access files that could harm their computers or compromise company data.":1,"#<strong ljsid-0=\"\">Note:</strong> Secure Access excludes the <strong ljsid-2=\"\">Terrorism</strong>, <strong ljsid-4=\"\">Internet Watch Foundation</strong>, and <strong ljsid-6=\"\">German Youth Protection</strong> content categories from the Selective Decryption list. Secure Access always inspects and proxies sites related to these content categories.":1,"#Without the root certificate, when your users go to the intelligent proxy service, they receive browser errors and the site is not accessible. The browser correctly determines that the traffic is being intercepted (and proxied) by a 'man in the middle,' which, in this case, is the Secure Access service. Traffic is not decrypted and inspected; instead, the website is unavailable.":1,"#You must <a ljsid-1=\"\">install the Cisco Umbrella root certificate</a> on computers that are using SSL decryption for the intelligent proxy. Secure Access inspects URL and domain names found on our \"grey\" list and blocks these HTTPS URLs if they're considered malicious in our policies. These uncategorized sites can include popular sites, such as file-sharing services. While many uncategorized sites contain safe URLs, these sites can potentially host malware on certain specific URLs. In this case, Secure Access considers the site uncategorized and proxies the site for users.":1,"#<strong ljsid-0=\"\">Note:</strong> Secure Access does not proxy traffic on non-standard ports for web traffic.":1,"#If you encounter a feature described here that you do not have access to, contact your sales representative for more information. See also, <a ljsid-1=\"\">Cisco Umbrella and Cisco Secure Access packages</a>.":1,"#Not all features described here are available to all Secure Access packages. To determine your current package, navigate to Admin &gt; Subscription. For more information, see <a ljsid-1=\"\">Determine Your Current Package</a>.":1,"#Within a policy, Secure Access evaluates the following policy settings, starting with your policy's allowed destination lists.":1,"#Skip link to Secure Access DNS Policy Settings":1,"#Secure Access DNS Policy Settings":1,"#Secure Access provides a rich set of security controls which you can configure within a policy. You must have the intelligent proxy enabled for Secure Access to check certain policy settings.":1,"#If you are using Cisco Secure Access with roaming or mobile features, you have the ability to create location-based policies. The most common example of this would be to first create a security-only (for example, no content filtering) policy for all of your roaming laptops, then create a more restrictive policy for your corporate network (which would be placed above the roaming laptop policy). This is counter-intuitive due to above statements regarding organizing your policies from least to most specific. However, in this case, what it means is that when your roaming laptops enter your corporate network, they must adhere to the more stringent policies of the workplace. While they are outside of the network, however, as many users often use work laptops for some amount of personal browsing, they will have a layer of security wherever they go but are free to visit whatever websites they choose.":1,"#Umbrella module in Cisco":1,"#Skip link to To View the Default Access Rule":1,"#In the <strong ljsid-1=\"\">Default Access Rules</strong> section, click the ellipsis at the far right side of the rule and choose <strong ljsid-3=\"\">View</strong>.":1,"#To view the default access rule:":1,"#To View the Default Access Rule":1,"#The default access rule appears at the bottom of the Access Policy listing page.":1,"#There is a default private access rule. This rule applies to traffic that does not match any other rule.":1,"#You can enable or disable decryption logging globally in Global Settings, for traffic to private resources.":1,"#Intrusion prevention requires decryption in order to be effective. Generally, you will disable decryption for IPS only for troubleshooting purposes.":1,"#Global Settings affect all rules of the applicable type (private access rules.)":1,"#Enable or disable intrusion prevention by default for all new private access rules. When IPS is enabled, you can choose a default intrusion prevention profile for all new rules.":1,"#If no rule in the list matches the traffic, Secure Access applies the applicable default access rule to the traffic. The default access rule appears at the bottom of the Policy page.":1,"#The Cisco Secure Access policy table lists the configured properties, security controls, logging, and status information for your private access rules. The table shows a default set of columns on the table. You can customize your view of the policy table. For more information about the default rule data, see <a ljsid-1=\"\">Access Policy Rule Data</a>.":1,"#Security controls are the globally-configured profiles that are enabled on the rule: Intrusion Prevention (IPS). Hover over the security icon to display the profile information for the rule.":1,"#<strong ljsid-0=\"\">Destinations</strong>—The resources that are available on your organization's network.":1,"#<strong ljsid-0=\"\">Access</strong>—The type of access rule (<strong ljsid-2=\"\">Private</strong>).":1,"#The Secure Access policy displays various columns of data on your configured private access rules. For information about choosing additional data on your rules, see <a ljsid-1=\"\">Show Additional Data on Your Access Rules</a>.":1,"#The Cisco Secure Access policy is the collection of your private access rules, rule defaults, and global settings. The policy displays your configured rule data and allows you to choose how to prioritize the rules in your policy. Once you add a rule, you can edit various components on the rule. You decide how to view and manage your rules that best meets your organization's access controls to resources.":1,"#Muktu":1,"#marutu":1,"#The Endpoint Performance map is a visual representation of all endpoints that have been installed and registered to your ThousandEyes account. For instructions on how to install and register your endpoints, see Configure Experience Insights . The map provides real-time insights into the geographic d...":1,"#Manage Logs ≫ docs.umbrella.com":1,"#auto select nea":1,"#Monitor and analyze the performance and availability of SaaS applications to ensure reliability and peak performance. View the status of the most common SaaS applications that are used by today’s enterprises to gain greater awareness and control of the end-user experience. Procedure Navigate to: Exp...":1,"#iosJP-ITD-CiscoSSE-VPNP-iOS-Prod":1,"#The Threats Details provides information about specific threat types that your environment may have been exposed to. You can explore the most active identities, identity types, destinations, and threats associated with this threat type. Table of Contents Prerequisites View a Threat's Details View a ...":1,"#In Cisco Secure Access, a Network Object Group is a reusable collection of Network Objects and other Network Object Groups. You can add Network Object Groups in Secure Access and select Network Objects or other Network Object Groups to include in the group. After you add a Network Object Group in Se...":1,"#fixed ip":1,"#Secure Access supports Cloud Malware protection for files within your AWS deployment. To enable this feature: Enable CloudTrail Event Logging for S3 Buckets and Objects from the AWS console. (You need only enable this feature once for your account; you need not do it for each AWS tenant you authoriz...":1,"#In Cisco Secure Access, a Service Object Group is a reusable collection of Service Objects and other Service Object Groups. You can add Service Object Groups in Secure Access and select Service Objects or other Service Object Groups to include in the group. After you add a Service Object Group in Se...":1,"#Next Page: Edit a Service Object Group":1,"#Previous Page: Manage Service Object Groups":1,"#Skip link to Search on Name for Service Object Groups":1,"#Skip link to Example of Service Object Group Hierarchies":1,"#Skip link to Guidelines for Adding Service Object Groups in Secure Access":1,"#In the search bar, enter a sequence of characters to query for the name of the Service Object Groups.":1,"#On the <strong ljsid-1=\"\">Service Object Groups</strong> tab, navigate to <strong ljsid-3=\"\">Service Object Groups</strong>.":1,"#Search for the Service Object Groups in the organization.":1,"#Search on Name for Service Object Groups":1,"#<strong ljsid-0=\"\">Access rules</strong>—The list of rules that have the Service Object Group selected on the rules.":1,"#<strong ljsid-0=\"\">Included in</strong>—The list of groups that include the Service Object Group.":1,"#<strong ljsid-0=\"\">Includes</strong>—The list of the references to the objects in the Service Object Group.":1,"#<strong ljsid-0=\"\">Name</strong>—The name of the Service Object Group.":1,"#Navigate to a Service Object Group to view the details about the group.":1,"#Secure Access displays the list of the properties for the Service Object Groups in the organization.":1,"#View the Service Object Groups that you added to the organization in Secure Access.":1,"#Click <strong ljsid-1=\"\">Add Service Group</strong>.":1,"#b. for <strong ljsid-1=\"\">+ Create Object</strong>, follow the steps to add a Service Object. For more information, see <a ljsid-3=\"\">Add Service Objects</a>.":1,"#a. For <strong ljsid-1=\"\">Select Sources</strong>, choose from the lists of configured Service Objects and Service Object Groups.":1,"#For <strong ljsid-1=\"\">Select objects or groups</strong>, choose either <strong ljsid-3=\"\">Select Sources</strong> or <strong ljsid-5=\"\">+ Create Object</strong>.":1,"#, enter text that describes the Service Object Group.":1,"#, enter a name for the Service Object Group. Secure Access supports a sequence of 1–255 alphanumeric, space, hyphen, and underscore characters.":1,"#You must enter a valid name for the Service Object Group that is unique for all Service Object Groups in the organization.":1,"#Click on the <strong ljsid-1=\"\">Service Object Groups</strong> tab, navigate to <strong ljsid-3=\"\">Service Object Groups</strong>, and then click <strong ljsid-5=\"\">Add Group</strong>.":1,"#Add a Service Object Group in the Secure Access organization. When you configure a Service Object Group, select reusable Service Objects and other Service Object Groups on the group. You can also create new Service Objects and add these resources to the group.":1,"#Service Object Group C can not have Service Object Group A in its group.":1,"#Service Object Group B can not have Service Object Group A in its group.":1,"#<strong ljsid-0=\"\">Important:</strong> Secure Access does not support circular dependencies of groups in Service Object Groups. For example, if you have a Service Object Group with this object hierarchy:":1,"#Example of Service Object Group Hierarchies":1,"#A Service Object Group can include Service Objects and other Service Object Groups. Secure Access supports three levels of nested groups.":1,"#A Service Object Group must have a unique name within the scope of all Service Object Groups in the organization.":1,"#Guidelines for Adding Service Object Groups in Secure Access":1,"#After you add a Service Object Group in Secure Access, the group is available for you to select in other Service Object Groups and for destination components on private access rules. For more information about reusable destination components, see <a ljsid-1=\"\">Components for Private Access Rules</a>.":1,"#In Cisco Secure Access, a Service Object Group is a reusable collection of Service Objects and other Service Object Groups. You can add Service Object Groups in Secure Access and select Service Objects or other Service Object Groups to include in the group.":1,"#Log in to your Cisco Secure Access Virtual Appliance (VA) to diagnose error conditions on the Virtual Appliance. Table of Contents Prerequisites Reset a Virtual Appliance's Password Use Configuration Mode to Troubleshoot Troubleshoot Intermittent DNS Resolution Failures on a VA Deployed on Azure Tro...":1,"#To use Cisco Secure Client with Zero Trust Access on supported devices, a user must enroll the client in Zero Trust Access. 1. Install Cisco Secure Client See Get Started with Cisco Secure Client on Windows and macOS Devices . A Secure Client module may require the deployment of a certain profile to...":1,"#A number of advanced settings for both the Umbrella roaming client and the Cisco Umbrella Roaming Security module can be configured. In the Managed Services Console, navigate to Customer Management and click View Dashboard . The Umbrella dashboard for that customer opens. msla click daskboard.jpg In...":1,"#<i ljsid-0=\"\"></i>Updated<span ljscm-2=\"\"> </span>28 days ago":1,"#The Secure Access tenant controls profile manages access to the cloud-based application Slack. Prerequisites Slack requires the following data to configure tenant controls for access to the cloud-based application: Workspace ID Requester ID (for Business+ or Enterprise Slack Workspace ID) For more i...":1,"#Network Object Group B can not have Network Object Group A in its group.":1,"#<strong ljsid-0=\"\">Important:</strong> Secure Access does not support circular dependencies of groups in Network Object Groups. For example, if you have a Network Object Group with this object hierarchy:":1,"#Example of Network Object Group Hierarchies":1,"#A Network Object Group can include Network Objects and other Network Object Groups. Secure Access supports three levels of nested groups.":1,"#Next Page: Edit a Network Object Group":1,"#A Network Object Group must have a unique name within the scope of all Network Object Groups in the organization.":1,"#Previous Page: Manage Network Object Groups":1,"#Skip link to Search on Name for Network Object Groups":1,"#Skip link to Example of Network Object Group Hierarchies":1,"#Skip link to Guidelines for Adding Network Object Groups in Secure Access":1,"#In the search bar, enter a sequence of characters to query for the name of the Network Object Groups.":1,"#On the <strong ljsid-1=\"\">Network Object Groups</strong> tab, navigate to <strong ljsid-3=\"\">Network Object Groups</strong>.":1,"#Search for the Network Object Groups in the organization.":1,"#Search on Name for Network Object Groups":1,"#Guidelines for Adding Network Object Groups in Secure Access":1,"#<strong ljsid-0=\"\">Access rules</strong>—The list of rules that have the Network Object Group selected on the rules.":1,"#<strong ljsid-0=\"\">Included in</strong>—The list of groups that include the Network Object Group.":1,"#<strong ljsid-0=\"\">Includes</strong>—The list of the references to the objects in the Network Object Group.":1,"#<strong ljsid-0=\"\">Name</strong>—The name of the Network Object Group.":1,"#Navigate to a Network Object Group to view the details about the group.":1,"#Secure Access displays the properties for the Network Object Groups in the organization.":1,"#tab, and then navigate to":1,"#View the Network Object Groups that you added to the organization in Secure Access.":1,"#Click <strong ljsid-1=\"\">Add network group</strong>.":1,"#b. for <strong ljsid-1=\"\">+ Create Object</strong>, follow the steps to add a Network Object. For more information, see <a ljsid-3=\"\">Add Network Objects</a>.":1,"#a. For <strong ljsid-1=\"\">Select Sources</strong>, choose from the lists of configured Network Objects and Network Object Groups.":1,"#For <strong ljsid-1=\"\">Select objects or groups</strong>, choose either <strong ljsid-3=\"\">Select Object</strong> or <strong ljsid-5=\"\">+ Create Object</strong>.":1,"#b. For <strong ljsid-1=\"\">Description</strong>, enter text that describes the Network Object Group.":1,"#Enter a valid name for the Network Object Group that is unique for all Network Object Groups in the organization.":1,"#, enter a name for the Network Object Group. Secure Access supports a sequence of 1–255 alphanumeric, space, hyphen, and underscore characters.":1,"#Navigate to <strong ljsid-1=\"\">General</strong>.":1,"#Click on the <strong ljsid-1=\"\">Network Object Groups</strong> tab, navigate to <strong ljsid-3=\"\">Network Object Groups</strong>, and then click <strong ljsid-5=\"\">Add Group</strong>.":1,"#Add a Network Object Group. When you add a Network Object Group, select Network Objects to add to the group or create new Network Objects. You can also select other Network Object Groups to add to the group.":1,"#Network Object Group C can not have Network Object Group A in its group.":1,"#After you add a Network Object Group in Secure Access, the resources in the group are available for you to select for source and destination components on private access rules. You can use this group in other Network Object Groups and on any private access rules in the organization's Access policy. For more information about reusable source and destination components, see <a ljsid-1=\"\">Components for Private Access Rules</a>.":1,"#In Cisco Secure Access, a Network Object Group is a reusable collection of Network Objects and other Network Object Groups. You can add Network Object Groups in Secure Access and select Network Objects or other Network Object Groups to include in the group.":1,"#You can apply DLP SaaS API rules to files in an Azure tenant. You must authorize the tenant using the procedure described below. Once the tenant is authorized, for each file residing in the tenant, when Secure Access finds data in violation of an enabled SaaS API rule it will enforce the action of t...":1,"#You can view the highest-risk apps in the App Discovery Report by filtering for apps with the highest number of DNS requests. The App Discovery report is used to help review apps in your environment. To block risky apps, you must configure application settings within a policy rule to control apps . ...":1,"#protocol to define a destination that matches traffic on any IP or CIDR, with any port, on the available destination protocols.":1,"#Remove Account":1,"#Verify the deployment of the Cisco Security for Chromebooks client on a Chromebook device by confirming that the DoH template and the salt values that you configured in the Google Admin console propagated to the device.":1,"#Skip link to Step 1 – Prepare the Virtual Appliance Instance Template on GCP":1,"#The VA will automatically pull a DHCP IP and register to Secure Access with this IP address.":1,"#<strong ljsid-0=\"\">Note:</strong> Before performing this task, you must complete the one-time task of <a ljsid-2=\"\">preparing the virtual appliance instance template</a>.":1,"#Step 2 – Launch the Virtual Appliance on Google Cloud Platform":1,"#a. Navigate to <strong ljsid-1=\"\">Deployments &gt; Configuration &gt; Sites and Active Directory</strong> and click <strong ljsid-3=\"\">Download Components</strong>.":1,"#Step 1 – Prepare the Virtual Appliance Instance Template on GCP":1,"#<a ljsid-0=\"\">Step 2 - Launch the Virtual Appliance on Google Cloud Platform</a>. Perform this task for each VA after you have performed the one-time task of preparing the VA image.":1,"#Skip link to Step 2 – Launch the Virtual Appliance on Google Cloud Platform":1,"#<a ljsid-0=\"\">Step 1 – Prepare the Virtual Appliance Instance Template on GCP</a>. This is a one time task.":1,"#Deploy Cisco Secure Access Virtual Appliances (VAs) in Google Cloud Platform.":1,"#Highlight Text":1,"#Add Color":1,"#Hide popup in settings":1,"#Highlight text":1,"#The Remote Access Log report lists users' connection events that are related to remote access, tracked over distinct time periods. Table of Contents Prerequisites View the Remote Access Log Report View Event Details Prerequisites A minimum user role of Read-only. For more information, see Manage Acc...":1,"#Delete Network Object Groups":1,"#For more information, see <a ljsid-1=\"\">Edit a Network Object Group</a>.":1,"#Edit Network Object Groups":1,"#For more information, see <a ljsid-1=\"\">Manage Details of a Network Object Group</a>.":1,"#For more information, see <a ljsid-1=\"\">View Network Object Groups</a>.":1,"#For more information, see <a ljsid-1=\"\">Add Network Object Groups</a>.":1,"#To get started, add Network Object Groups with Network Objects in Secure Access to build collections of reusable network resources. After you add a Network Object Group, you can edit, view, duplicate, or delete the group in Secure Access.":1,"#Get Started With Network Object Groups":1,"#Next Page: Add Network Object Groups":1,"#Previous Page: Delete a Network Object":1,"#Skip link to Delete Network Object Groups":1,"#Skip link to Edit Network Object Groups":1,"#Skip link to Add Network Object Groups":1,"#Skip link to Get Started With Network Object Groups":1,"#For more information, see <a ljsid-1=\"\">Delete a Network Object Group</a>.":1,"#After you add Network Object Groups in Secure Access, you can select the Network Object Groups and Network Objects in the groups as source and destination components on private access rules. For more information, see <a ljsid-1=\"\">Components for Private Access Rules</a>.":1,"#Cisco Secure Access supports creating reusable Network Object Groups. A Network Object Group is a collection of Network Objects and other Network Object Groups. A Network Object Group's name is unique within the Network Object Groups in the organization. For information about Network Objects, see <a ljsid-1=\"\">Manage Network Objects</a>.":1,"#Circular Dependencies in Object Groups":1,"#Skip link to Circular Dependencies in Object Groups":1,"#Navigate to <strong ljsid-1=\"\">Group Values</strong>.":1,"#Next Page: Edit a Service Object":1,"#Previous Page: Manage Service Objects":1,"#The Domain Management area of the Umbrella dashboard (<strong ljsid-1=\"\">Deployments &gt; Configuration &gt; Domain Management</strong>) should be populated with any domains used by your organization to access local resources while on the organization's network (at the physical location or connected through VPN). Internal Domains is pre-populated with the <strong ljsid-3=\"\"><a ljsid-3-0=\"\">.local TLD</a></strong> and all <strong ljsid-5=\"\"><a ljsid-5-0=\"\">RFC-1918 (private network)</a></strong> reverse DNS address space. Newly added domains will sync down to the client. The update time varies, but may take up to 35 minutes. However, you can force the update sooner by restarting the client service.":1,"#The Umbrella roaming client is a lightweight DNS client that runs on your Windows or macOS computers. It is not a VPN client or a local anti-virus engine. It allows Umbrella security and policy-based protection, including our intelligent proxy , to be enforced no matter the network to which you are ...":1,"#📘 Important: Trials are available only for MSSPs. Starting a new trial lets you provide a potential customer with free access to Umbrella for 21 days so that a customer can \"test drive\" Umbrella. When you create a trial, your customer receives a \"Welcome to Cisco Umbrella\" email that includes a lin...":1,"#OneLogin can be used as an Identity-as-a-Service (IDaaS) provider, as well as authorized as a platform in Cisco Cloudlock. Refer to the following sections to activate OneLogin’s SAML service and/or OneLogin as a platform. Prerequisites The prerequisites for OneLogin installation are: ● Administrator...":1,"#Next Page: Salesforce":1,"#Skip link to Set Up OneLogin as a new Platform in Cloudlock":1,"#Skip link to OneLogin Platform Authorization":1,"#Skip link to Set Up OneLogin Authentication in Cloudlock":1,"#Select <em ljsid-1=\"\">Settings</em> &gt; API.":1,"#Changing the password ensures that the Cisco AD Connector can connect to AD using the new credentials. Failure to change the connector account password results in the connector being unable to subscribe to login events and AD changes. If the password is not changed, you will lose AD attribution for your DNS requests and be unable to propagate AD changes to Umbrella.":1,"#Next Page: Enable SaaS API Data Loss Prevention for Webex Teams":1,"#Launch the virtual appliance on GCP":1,"#Skip link to Source Security Group Tag (SGT) Matching":1,"#RA-VPNs do not receive SGT mappings directly through RADIUS.":1,"#Security Group Tags can only be used as source and <strong ljsid-1=\"\">not</strong> destination matching criteria in access control rules.":1,"#If you use ISE to define and use security group tags (SGT) for classifying traffic in a Cisco TrustSec network, you can write access control rules that use SGT as a source matching criteria. This enables you to block or allow access based on security group membership rather than IP addresses or network objects.":1,"#Source Security Group Tag (SGT) Matching":1,"#A Security Group Tag (SGT) specifies the privileges of a traffic source within a trusted network. Cisco ISE and Cisco TrustSec use a feature called Security Group Access (SGA) to apply SGT attributes to packets as they enter the network. These SGTs correspond to a user's assigned security group within ISE or TrustSec. If you configure ISE as an identity source, Secure Access can use these SGTs to filter traffic.":1,"#Manage Security Group Tags":1,"#Navigate to <strong ljsid-1=\"\">Resources &gt; Internet and SaaS Resources &gt; Destination Lists</strong> and click <strong ljsid-3=\"\">+Add</strong>.":1,"#Adding domain.com to a block list, and mail.domain.com to an Allow list, assuming both lists are applied to the same policy, results in Secure Access allowing access to mail.domain.com.":1,"#When adding new destination lists to Secure Access, there are a few things that you should take into consideration. Allow destination lists always take precedence over block destination lists. Allow lists also take precedence over security-related blocks. Thus, if a domain is being blocked incorrectly, adding it to an Allow list allows access. For example:":1,"#You can add a destination list to Secure Access at any time; however, a destination list does not necessarily come into effect when first created. If you add a destination list through the policy wizard, that destination list immediately becomes part of that policy and thus immediately takes effect. If you add a new destination list outside of the policy wizard, you must add it to a policy before it comes into effect.":1,"#Enabling RSS Virtio-Net Multi-Queue by Augmentant the Number of VNIC Queues":1,"#Image Configuration":1,"#VA pour hyper-V":1,"#Previous Page: Google Drive":1,"#This web page is being mapped so that you can begin creating rules. This might take a few moments.":1,"#Mapping web page":1,"#Before you can configure the Multi-or console to store your organization's logs to your own self-managed Amazon S3 bucket, you must first set up an Amazon S3 bucket. For information about how to do this, see Amazon's S3 documentation . JSON Bucket Policy When setting up your bucket, you are required...":1,"#Skip link to View Network Object Groups":1,"#View Network Object Groups":1,"#, enter a name for the Service Object. Secure Access supports a sequence of 1–255 alphanumeric, space, hyphen, and underscore characters.":1,"#You must enter a valid name for the Service Object that is unique for all Service Objects in the organization.":1,"#Click on the <strong ljsid-1=\"\">Service Objects</strong> tab, navigate to the <strong ljsid-3=\"\">Service Objects</strong> table, and then click <strong ljsid-5=\"\">Add Object</strong>.":1,"#Add a Service Object to your collection of reusable service resources in Secure Access.":1,"#A Service Object is defined by the protocol and port attributes of an application.":1,"#Skip link to Search on Name for Service Objects":1,"#Skip link to Guidelines for Adding Service Objects in Secure Access":1,"#In the search bar, enter a sequence of characters to query for the name of the Search Objects in the organization.":1,"#On the <strong ljsid-1=\"\">Service Objects</strong> tab, navigate to <strong ljsid-3=\"\">Service Objects</strong>.":1,"#Search for the Service Objects in the organization.":1,"#A Service Object must have a unique name within the scope of all Service Objects in the organization.":1,"#Search on Name for Service Objects":1,"#<strong ljsid-0=\"\">Access rules</strong>—The list of rules that have the Service Object selected on the rules.":1,"#<strong ljsid-0=\"\">Included In</strong>—The list of Service Object Groups that include the Service Object.":1,"#<strong ljsid-0=\"\">Ports</strong>—The value of the port or range of ports for the Service Object.":1,"#<strong ljsid-0=\"\">Protocol</strong>—The type of protocol that is configured for the Service Object, for example: <strong ljsid-2=\"\">TCP</strong>.":1,"#<strong ljsid-0=\"\">Name</strong>—The name of the Service Object.":1,"#Secure Access displays the list of the properties for the Service Objects in the organization.":1,"#Guidelines for Adding Service Objects in Secure Access":1,"#View the Service Objects that you added to the organization in Secure Access.":1,"#Click <strong ljsid-1=\"\">Add Service Object</strong>.":1,"#), for example,":1,"#Separate the range of ports with a hyphen (":1,"#to add any protocols for the Service Object.":1},"version":28039}]