Secure Access, Secure Client ZTNA users internet destination

hadi123 (Level 1)

Hi, I need assistance on how to use zero trust access for internet destinations. I am testing for users who are connected to Secure Client ZTA to allow or block internet destinations. I created internet destinations and an access policy for internet access, but when I try to access the internet with a ZTA user connected, it is not routed to the access policy that I made. I also enabled DNS and Web Security under Connect > End User Connectivity.

1 Accepted Solution (the final reply in this thread)

5 Replies

howe (Level 1)

Using zero trust for an internet destination actually utilises a private access rule; think of it as a private app with a non-RFC 1918 address.

https://docs.sse.cisco.com/sse-user-guide/docs/zero-trust-access-to-internet-destinations


Thanks for the link. Question: when making the access policy, should it be Private Access, not Internet Access?

Yes, correct: a private access rule.

Noted, thanks! So for clarification: for Secure Client ZTA users accessing an internet destination, and applying granular policy to it, that should be a private access rule?

Yes. Normally internet access would not go via ZTNA; this is for private apps. However, if you want to send public internet traffic via ZTNA to egress from your resource connector, it is conceptually a private app. As such you define it as a private app, and it is subject to a private app rule, which by default is BLOCK unless specifically allowed, in keeping with zero trust principles.