Skip to main content
Cisco Meraki

Cisco Secure Connect - Defining Private Applications

  1. Last updated
  2. Save as PDF

Overview

A private application is an application that is hosted within a private datacenter or private cloud.  Cisco+ Secure Connect enables organizations to control access to an application to users connecting via client-based remote access (VPN) or via clientless remote access (ZTNA).  The first step is to define your applications in Cisco+ Secure Connect.

Configuration Steps 

  1. From the Secure Connect menu, navigate to Identities & Connections -> Applications.

Screenshot 2023-06-02 at 9.43.53 AM.png

  1. Navigate to Private Apps tab and look to the upper right-hand corner, and choose Add App 

 Screenshot 2023-10-30 at 8.23.51 PM.png

  1. Give your application a good descriptive Name and Description 

  1. Select Network Based Access and/or Browser Based Access based on how the application will be accessed 

Network-Based Access

Create an application as a object which can be used to control access from RAVPN and branch users.  The app will be listed under destination criteria in the Secure Connect -> Cloud Firewall rules designated as Private App and Network type.

  1. Name of the application  

  2. Description (optional)  

  3. Enable the Network Based Access option  

  4. Enter the IP address and port information  

  5. Select the protocol - TCP, UDP, ICMP or Any.   

Documentation - Private Apps NAP.png

One the app is created, you can click on in and review details on its settings.

clipboard_eeba4c537ab02e83a62feac1257f8ec5f.png

Browser-Based Access

Create an application as a object which can be used to control access from external browser-only users.  The app will be listed under destination criteria in the Secure Connect -> Policies -> Browser Access rules.

  1. Name of the application  

  2. Description (optional)  

  3. Enable the Browser Based Access option  

  4. Enter the IP address and port information  

  5. Select the protocol HTTP/HTTPS  

  6. SNI (Server Name Indication) field (optional) - this is the SNI field the proxy should use while connecting to the private application  

  7. Enable/Disable the application certificate - Proxy should validate the application certificate or not while connecting to the application.  

  8. Click on Generate for the External URL - this is the URL you can use to access the application.  

Documentation - Private Apps BAP.png  

Note: Validate Application Certificate - If the application is configured to use HTTPS, this toggle tells the proxy to validate the certificate presented by the application web server (with public Root CAs) or don't validate it and just accept any certificate 

 

  1.  Scroll down to add the application to an Application Group (optional)  and press Save.

Documentation - Private Apps App Group.png

Once app is created, you can click on it and review the settings.

clipboard_e635b3b6132ef6bec6f8e100fa776027c.png

API Endpoint

The Secure Connect Private Application API endpoint incorporates CRUD (Create, Read, Update, Delete) operations, serving as a versatile interface for managing private applications within a given organization.

With these operations, users have the ability to programmatically create new private applications, retrieve details of existing applications, modify properties of specific applications, and remove applications as needed.

This capability ensures efficient management and control of the private applications lifecycle in a Meraki environment.

  • This is an early access API endpoint.

  • To opt-in for early access APIs, navigate to Organization > Early Access -> Early API Access.

 

  •  Keep in mind that this API endpoint might be subject to changes.

Next Steps

For additional information on network-based access policy rules for RAVPN and Branch users, see Cloud Firewall Private App and Network rules.

For additional information on browser-based access policy rules for external users, see Manage Browser Access Policy.