Cisco Meraki Documentation

Cisco Secure Connect - Manage Web Policies

The Umbrella Web policy provides URL-layer visibility and configures the Secure Web Gateway (SWG) for web request evaluation, content control, and malware scanning. Secure Connect integrates with Cisco Umbrella's SWG, using machine learning and Cisco Talos threat intelligence to detect new attacks.

Overview

The Umbrella Web policy describes the URL-layer visibility in your network and enables the configuration and access control settings of the Umbrella Secure Web Gateway (SWG). The SWG evaluates web requests on port 80 or 443. The SWG provides full URL reporting, content control, malware scanning and evaluation by antivirus engines, full or selective SSL decryption, and app visibility. 

Secure Connect is integrated with Cisco Umbrella’s SWG. Cisco Umbrella uses statistical and machine learning models to uncover new attacks staged on the internet, in combination with threat intelligence data from Cisco Talos, a team of over 300 security researchers. Click here to learn more about Umbrella's core policy types.

Plan Before You Start

Before you start implementing policies, we recommend that you read through these policy sections of our documentation in full. Decide what security and access controls should be put in place for each user or group of users. Users and groups must be synced into Umbrella to be used in policies. For details on setting up identity and syncing users, check out the identity documentation.

A Web policy is made up of rulesets, and rulesets are made up of rules. A rule determines how Umbrella’s various security protections are applied to your organization’s identities. This protection includes configurations that control access to internet destinations. While the Web policy includes a configurable default ruleset that is applied to all identities, to take advantage of the various features offered by Umbrella's cloud-based SIG, add your own organization-centric rulesets and rules. You can add multiple rulesets and rules so that your various identities can be granted different permissions within the Web policy.

Note that while your identities can be added to any number of rulesets and rules, Umbrella applies the first matching ruleset to your identity and immediately stops evaluating. If no matching ruleset is found, Umbrella applies the default ruleset—listed as the Default Web Policy. Because of the way Umbrella evaluates identities against rulesets and rules, it is important that you configure rulesets and rules correctly for each of your organization's identities. A configuration error may have unintended results: identities left unprotected from various threats, or users accessing destinations you want blocked. Plan and design your rulesets and rules before you build them. For some helpful suggestions, see Best Practices for the Web Policy and Rulesets.
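The first-match behavior described above can be checked against a planned ruleset ordering before it is built in the dashboard. The following Python is an added example, not Cisco's code and not an Umbrella API; it assumes identities are flat names (no group expansion), and the ruleset and identity names are constructed.

```python
from dataclasses import dataclass

DEFAULT_RULESET = "Default Web Policy"  # fallback name given on this page


@dataclass(frozen=True)
class Ruleset:
    name: str
    identities: frozenset  # assumption: identities modeled as flat names


def applied_ruleset(identity, rulesets):
    """First ruleset in listed order that contains the identity, else the default."""
    for rs in rulesets:
        if identity in rs.identities:
            return rs.name  # first match wins; later rulesets are never consulted
    return DEFAULT_RULESET


def shadowed_identities(rulesets):
    """Map ruleset name -> identities it lists that an earlier ruleset already claims."""
    shadowed, seen = {}, set()
    for rs in rulesets:
        lost = rs.identities & seen
        if lost:
            shadowed[rs.name] = sorted(lost)
        seen |= rs.identities
    return shadowed


def dead_rulesets(rulesets):
    """Rulesets that can never apply because every identity is claimed earlier."""
    shadowed = shadowed_identities(rulesets)
    return [rs.name for rs in rulesets
            if rs.identities and len(shadowed.get(rs.name, ())) == len(rs.identities)]


# Constructed sample ordering (hypothetical names); top of the list is evaluated first.
SAMPLE = [
    Ruleset("All Staff", frozenset({"alice", "bob", "carol", "kiosk-01"})),
    Ruleset("Finance Strict", frozenset({"alice", "bob"})),
    Ruleset("Contractors", frozenset({"carol", "dave"})),
]

if __name__ == "__main__":
    for who in ("alice", "dave", "erin"):
        print(who, "->", applied_ruleset(who, SAMPLE))
    print("shadowed:", shadowed_identities(SAMPLE))
    print("never applied:", dead_rulesets(SAMPLE))
```

In the sample, the broad "All Staff" ruleset sits above "Finance Strict", so the stricter ruleset never governs anyone; moving the narrower ruleset above the broader one resolves it.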

You create the Web policy through the Policy wizard, which is made up of the two parts below. Once the new policy is saved, it may take upwards of five minutes for the policy to replicate through Umbrella’s global infrastructure and start taking effect. 

  • Part One: Add a Ruleset — Select ruleset identities and then configure settings to determine protection options for the ruleset. 
  • Part Two: Add Rules to a Ruleset — Set rule actions—allow, warn, block, and isolate—against individual identities and the destinations those identities attempt to access. 

At this time, the QUIC protocol is not supported, and it is recommended to explicitly disable the QUIC protocol in web browsers.

Adding Policies

Presently Web policies are configured in the Cisco Umbrella dashboard. You will need to navigate to the Umbrella dashboard from the Secure Connect dashboard.

  1. To reach the Umbrella Web Policies page from the Secure Connect dashboard, either click the Configure Web Policies link on the Policies Overview, or go to Secure Connect > Policies and click the Web link.

  2. From the Umbrella Policies > Management > Web Policy page, click on the Add button in the top right corner to add a new policy. 

  3. For an overview of how to configure the advanced application controls, please view the video below. Otherwise, check out the links in the Resources section below for more information on how to create and test web policies.