Feature Overview
The Logical AND for Policy Sources feature in Cisco Secure Access introduces the ability for administrators to combine (AND) two different sources of Internet traffic when configuring security policies. This enhancement also enables organizations migrating from Umbrella SIG to Secure Access to accurately replicate complex policy scenarios that require multiple source conditions to be met for a policy to apply.
Key Benefits / Value Delivered
- Greater Policy Precision: Administrators can define security policies that only apply when two distinct source conditions are met (for example, both a specific network location and a specific user group), supporting nuanced access controls.
- Seamless Policy Migration: Enables enterprises migrating from Umbrella SIG to Secure Access to recreate existing rulesets where policies depend on multiple conditions, reducing friction and manual effort.
- Regulatory and Privacy Alignment: Facilitates the creation of location- and identity-based policies, helping organizations tailor security and privacy requirements for different geographies and user groups.
- Operational Efficiency: Reduces the time and resources needed to adapt or reconfigure policies during migration, ensuring business continuity with minimal disruption.
Getting Started
To use the Logical AND for Policy Sources feature in Secure Access:
- Navigate to the Policy Management section of the Secure Access dashboard.
- When creating or editing a policy, choose two source criteria (such as devices and user groups) and select the AND operator to combine them.
- Save and apply your policy. The rule will now only match when both source conditions are met.
Documentation and Resources
Feature Documentation:
https://docs.sse.cisco.com/sse-user-guide/docs/sources-in-internet-access-rules#combining-multiple-sources-in-rule
https://docs.sse.cisco.com/sse-user-guide/docs/add-an-internet-access-rule#and-operator-with-pre-configured-sources
Best Practices
- Some combinations of sources are not supported because they are not technically achievable; review the documentation for guidance.
- Review each AND condition to confirm that the rule covers the intended use cases, so that additional rules are not required each time.
- Periodically review policies to ensure they align with evolving privacy, regulatory, and business requirements.