Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2220
Views
4
Helpful
4
Comments

FQDN Update for Roaming Client Reliability

adamwin
Cisco Employee
Cisco Employee

‎09-05-2025 02:16 PM - edited ‎10-09-2025 10:21 AM

We are rolling out an important enhancement to improve connection reliability for the Cisco Secure Access roaming client. Please review the details below.

What is changing? We are enhancing our data center selection logic to ensure SWG roaming clients always connect to the most optimal data center. This resolves an issue where users with an inactive DNS module could experience sub-optimal DC selection, which was most impactful for reserved IP customers.

What is the benefit? More reliable and higher-performance connections for your roaming users.

Is action required? For most customers, no action is required. The update is applied automatically.

However, you may need to take action if you have manually configured our FQDNs in your environment.

Who needs to take action? You will need to update your configuration if:

  1. You have firewall or ACL rules that explicitly allowlist FQDNs. You must add the new FQDN pattern to prevent blocked connections. (Note: The FQDN was not widely published, so most customers using allowlists rely on our ingress IPs.)
  2. You use a PAC file or proxy chain with the old FQDN hardcoded. You should update the FQDN to take advantage of the reliability improvements.

What are the new technical details? The update uses a new FQDN pattern that is specific to your organization.

  • Old FQDN: swg-url-proxy-https-sse.sigproxy.qq.opendns.com
  • New FQDN Pattern: swg-url-proxy-https-#####.sseproxy.qq.opendns.com
    • (The ##### is your unique Secure Access organization ID.)

When is this happening? The rollout will be gradual over several weeks, starting on September 8th

If you have any questions, please contact Cisco Support.

Thank you,
The Cisco Secure Access Team

Note: The old FQDN will continue to work even after your organization is updated to support the new FQDN.

Comments
ethan-nt
Level 1
Level 1
‎09-29-2025 09:02 AM

When I check Cisco Secure Access, the end-user connectivity for the PAC file is still pointing to the old FQDN. Should I expect the FQDN to update automatically, or do I need to manually update it when using the proxy URL?

 

0 Helpful
adamwin
Cisco Employee
Cisco Employee
‎09-29-2025 07:32 PM

Hi @ethan-nt the changes are slowly rolling out on a customer-by-customer basis. DM me your org ID if you want to get it sooner. 

0 Helpful
ethan-nt
Level 1
Level 1
‎10-08-2025 08:07 AM

Hello,

My concern is how this change might impact my production servers.

Currently, some servers are using the Umbrella Proxy swg-url-proxy-https-sse.sigproxy.qq.opendns.com via the WINHTTP method.
Do I need to update the proxy address in advance, or will the existing address remain active for a certain period to allow a gradual migration?

0 Helpful
adamwin
Cisco Employee
Cisco Employee
‎10-09-2025 10:21 AM

@ethan-nt  the old FQDN will continue to work even after the new FQDN is enable for your organization. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents