Cisco Secure Access using ZTNA with Trusted Network Detection

fatalXerror · ‎02-06-2024

Hi, can the new Cisco Secure Access with ZTNA use the Trusted Network Detection (TND) where when the corporate domain is not reachable, ZTNA will automatically contact the Cisco Secure Access cloud. On the other hand, if the corporate domain is reachable and the endpoint is connected to corporate LAN/WLAN, ZTNA will not be enabled? Thanks

Darkmatter · ‎12-10-2024

I have exactly the same question but your question remained unanswered.

Hopefully someone can shine a light on this and briefly explains.

nbogdaje · ‎12-10-2024

Unfortunately the ZTNA module doesn't currently support trusted network detection. This is a popular feature request so I would imagine its coming in a future release.

howe · ‎12-11-2024

+1 to this feature. I am able to back off secure internet access via the RSM, and the always-on VPN in secure access based on trusted network. The ZTA stubbornly remains always on (expect when its broken!).

Given the hybrid nature of my work, I have to unenrol ZTA and re enrol ZTA depending on my location in order to get a useful experience. This is very less than ideal

fatalXerror · ‎03-04-2025

Hi @nbogdaje , noted on this, I also saw some recent Cisco Live and I've heard this feature set to be on the road map including the hybrid mode. But just to confirm, in the current behavior of the Cisco Secure Access (ZTNA), what will happen if I the user is in office versus out of office? Will the ZTNA module still connect to the nearest POP automatically?

Also, can I install the ZTNA module as a service so that users will not be able to disable the Secure Client? thanks

mat-allam · ‎01-27-2025

Not having this feature is slowing down our rollout. We have most of our servers on-prem - so this is quite painful with either not so great network performance, or having to unenroll and enroll every time the user wants to work.

ccieexpert · ‎01-27-2025

Please contact your local cisco account team or cisco partner and have them make a business case.. That is the only way it will make up the priority list.. more customers the better the chance

Darkmatter · ‎01-29-2025

I've got to know that the ZTNA Trusted Network Detection is currently planned for April/May timeframe, which is also a pre requisite feature for the Hybrid ZTA which is due in August.

Hope everyone is happy to hear this.

ccieexpert · ‎01-29-2025

Let us hope.. but is still good to have discussion with accounts teams so that they can engage the product management teams, and make sure it is in the roadmap.. they can discuss some of these confidential items within a NDA with customers which we can do here

Darkmatter · ‎01-30-2025

You can trust the info i provided as i got it from our account manager and it was confirmed by someone else internally at Cisco.

ccieexpert · ‎01-30-2025

i am not saying dont trust the info Each customer should pursue a enhancement directly with CIsco partner/accountteams, so that there is committed dates and clarity and assurances. A public forum may not guarantee that although we trust you (somewhat)