Feature Overview

The Scheduling for Internet Rules feature is now generally available in Cisco Secure Access. This new capability allows administrators to create and apply time-based schedules to internet access rules, providing granular control over when policies are active. Administrators can define schedules with specific time zones, start and end dates, and recurring time periods (such as Monday to Friday, 9 AM to 5 PM) to automate policy enforcement.

Key Benefits / Value Delivered

• Granular Policy Control: Enforce internet access policies with precision by aligning them with specific operational times, such as business hours, weekends, or designated maintenance windows.
• Automated Rule Management: Simplify administration by scheduling rules to enable or disable automatically. This reduces manual effort, minimizes human error, and ensures policies for temporary access or projects are automatically cleaned up.
• Streamlined Change Management: Safely deploy new rules by scheduling them to activate during pre-approved, low-impact change windows, ensuring smooth and predictable policy updates.

Use Cases -  Some specific challenges that the Scheduling feature addresses include:

• Aligning Internet Access with Business Hours: Restrict access to non-productive web categories like social media or streaming services during work hours to improve focus, and then automatically relax these restrictions after hours.
• Managing Temporary Access: Provide time-bound internet access for contractors, vendors, or specific projects by setting a start and end date for their access rules, eliminating the need for manual de-provisioning.
• Phasing in New Policies: Introduce a new security policy by scheduling it to become active on a future date, giving you time to communicate the change to end users before it is enforced.

Getting Started - To begin using the Scheduling for Internet Rules feature, follow these steps:

1. Create a Schedule: Navigate to Resources > Settings > Enablement Schedule and click Add Schedule.

    

2. Configure Schedule Details: Define the schedule by giving it a name, and setting the appropriate time zone, start/end dates, and recurring time periods (days and times).
3. Apply to an Internet Rule: Edit an existing internet rule or create a new one in the Access policy. Enable the Schedule Enablement Time and Date setting and select the schedule you created.

Documentation and Resources

• For a detailed guide on creating and applying schedules, please see our documentation: Manage Schedules for Internet Access Rules.

Best Practices - To get the most out of this feature, we recommend the following:

• Create Reusable Schedules: Build generic schedules (e.g., "Standard Business Hours," "Weekend Access") that can be applied across multiple rules to ensure consistency and simplify management.
• Utilize Time Zones for Global Policies: For a distributed workforce, create separate schedules for each major geographic region to ensure policies are enforced according to local time.
• Set Expiration Dates for Temporary Rules: Use the "End Date" option for rules related to short-term projects or events. This keeps your policy set clean and secure without requiring manual intervention later.
• Consider DNS Caching Behavior: Be aware that for rules enforced via the DNS path, policy changes may be delayed due to DNS caching on end-user devices. For time-critical enforcement, apply schedules to rules enforced via the web proxy.

We are excited to bring this powerful new capability to Cisco Secure Access. Start leveraging scheduling today to enhance your policy control and operational efficiency. For more information, please contact your Cisco representative.