Cisco Meraki

About Browser-Based Access ZTNA


Customer Edge
  • The client initiates a browser connection to the application-specific URL
  • This request is resolved and redirected to the nearest SNI proxy based upon anycast DNS
Service Edge
  • The SNI proxy knows which service to reach out to from the connection request
  • It connects to the nearest Umbrella cloud where the service is running and proxies the traffic coming from the browser
Fabric Services
  • The Zero-trust proxy (Zproxy) changes the traffic source to an address within (carrier grade NAT range)
  • The request is sent for authentication and a posture check
  • Once authenticated and authorized, the request is redirected to the policy engine, which decides whether to let the request in based upon your set policies
  • Once the decision is made, the request is sent to our routing engine, which delivers the traffic to the application
Customer Environment
  • User has secured access to the application

Note:  Dynamic routing is not available currently.  Therefore, for return traffic, the application side router must have a route to the through the backhaul tunnel.

Future Enhancements
  • Customized block pages
  • Custom-defined URL and customer-owned certificate
  • Dynamic Routing