Cisco Secure Connect - Client-based ZTNA Enablement for Existing Customers
Overview
Please note the following:
- All Secure Connect Complete customers who provisioned their account on 2024-08-01 or later will automatically be enabled with client-based ZTNA.
- All Secure Connect Complete customers who provisioned their account before 2024-08-01 can enable Client-based ZTNA starting on 2024-08-26 by contacting Secure Connect support. (If you do not have the "client-based" access method slider on the Resource & Applications edit page, your org is NOT enabled for client-based ZTNA. )
Cisco Secure Connect is pleased to announce the general availability of Client-based ZTNA. If you have reached this page, then your Secure Connect subscription is ready for an upgrade to support Client-based ZTNA. The early phases of enablement of Client-based ZTNA will be customer-initiated, support executed, and there will be some minor configuration loss. This page will focus on enabling the feature and does not replace the documentation for client-based ZTNA.
Client-based ZTNA Feature Entitlement
Secure Connect has several Packages and the following details entitlement for client-based ZTNA.
Package | Entitled? |
Cisco Secure Connect Foundation Essentials | No |
Cisco Secure Connect Foundation Advantage | No |
Cisco Secure Connect Complete Essentials | Yes |
Cisco Secure Connect Complete Advantage | Yes |
Pre Enablement Work
Before enabling Client-based ZTNA, it's important to understand the impact of your Secure Connect subscription.
What will be Migrated
- Private Applications
- Browser-based Access policy will migrate to Zero Trust Access Policy (Posture profiles will be dropped)
- Cloud-based firewall policy for private applications
What will NOT be Migrated
- Browser-based posture profiles
- ICMP apps
Cisco recommendations
- Document all Private applications, Zero Trust policies, Cloud firewall private rules & posture profiles
- Selecting a time for the upgrade that is off-peak utilization of the service
Step to enable
Once you have reviewed the steps for enablement and understand everything, open a support ticket to start the upgrade process.
- Open up case with subject "Client-based ZTNA enablement". Include any additional questions you have as well as your selected time for upgrade.
- Support will work with the customer to enable.
- After enablement is complete, testing should be performed to ensure migrated applications and policies still operating as expected
Post Enablement
After enablement, Client-based ZTNA will be available as another connection method to private applications. For full details on how Client-based ZTNA works, refer to the product documentation.