Cisco Meraki Documentation

Cisco Secure Connect - Features

This article describes the features and benefits of Cisco Secure Connect, including Native Meraki SD-WAN Integration for seamless branch connectivity, Clientless Zero Trust Network Access for secure application access without endpoint agents, and Client-Based Secure Remote Work for remote access with identity-based controls. It also highlights Secure Internet Access, User Authentication, Unified Management, and Network Interconnect.

Features and Benefits (each feature is listed with its benefit):

Native Meraki SD-WAN Integration

Easily connect your branch sites to Cisco Secure Connect with the built-in Native Meraki SD-WAN Integration for access to internet, SaaS and private applications and resources. Leveraging the Auto VPN capability of your Meraki Secure SD-WAN Appliance at your branch sites for connectivity to the SASE fabric provides increased resiliency and intelligent path selection. This also enables the organization to implement consistent access and security controls across all connected sites. 

Enhanced Meraki SD-WAN cloud head-end

Cisco Secure Connect introduces a dynamically scalable high-bandwidth headend solution for the Meraki SD-WAN integration. Leveraging Meraki’s AutoVPN solution, this enhanced cloud traffic acquisition solution dynamically scales bandwidth per connecting Meraki SD-WAN site. The current bandwidth scale per site is approximately 500 Mbps, both unidirectional and bidirectional. This solution also offers an even more simplified user experience for integration of Meraki SD-WAN with Cisco Secure Connect.

 

Clientless (Browser-based) Zero Trust Network Access (ZTNA)

Cisco Secure Connect enables least-privilege access control to private applications and resources without requiring any agent or client installed on the endpoint device. Administrators can easily assign access privileges for contractors and employees only to the resources they need, without any lateral movement capability. Administrators can configure posture profiles for endpoint OS type and version, browser type and version, and geo-location information to be used in the access decision.

Client-based Zero-Trust Network Access (ZTNA)

Client-based ZTNA offers a feature-rich solution powered by Cisco Secure Access, providing a seamless end-user experience that connects users to private applications and resources using any port and any protocol. User access to applications and resources is instant and requires fewer steps, delivering better remote worker experiences and stronger security. Administrators can reduce the attack surface, enforce least-privilege controls, enable posture validation, and eliminate security gaps in a distributed environment.

 

Client-Based Secure Remote Work (VPN Access)

Cisco Secure Connect enables remote users to access private applications from anywhere through the Cisco Secure Connect fabric using a Cisco Secure Client. Zero Trust is built into the cloud-native remote access service by default, with identity-based access control using SAML authentication through the customer's IdP (Identity Provider). Endpoint posture is also evaluated, enabling granular access control to private resources.

 

Secure Internet Access

Secure Internet Access provides safe access to the internet anywhere users go, even when they are off the VPN. Before the user is connected to any destination, Cisco Secure Connect acts as your secure onramp to the internet and provides the first line of defense and inspection with hybrid protection on the edge and in the cloud. Regardless of where users are located or what they’re trying to connect to, traffic can go through the fabric first. Once the traffic gets to the cloud platform, there are different types of inspection and policy enforcement that can happen, based on the security needs of the traffic.  

Cisco Secure Connect includes cloud-based security services such as secure web gateway, cloud-delivered firewall, DNS-layer security, cloud access security broker (CASB), and data loss prevention. This robust security solution receives real-time proactive threat updates from Cisco Talos Intelligence, keeping your users secure while relieving your IT team of this tedious process.

User authentication

Cisco Secure Connect enables customers to bring their own identity provider (IdP) for end-user authentication to the service. Integration establishes a trust relationship with the IdP, which allows users to authenticate with their existing credentials via SAML 2.0 and synchronizes any changes made in your IdP with Secure Connect via SCIM 2.0.

Meraki policy import

Cisco Secure Connect has introduced a native policy import feature designed for customers whose remote workforce currently accesses company resources via remote access connections to the Meraki MX headend. For customers transitioning to Secure Connect remote access services, this feature allows them to import the MX firewall policies affecting client VPN traffic into Secure Connect's cloud firewall through a guided wizard. This helps reduce the time administrators need to create and streamline their policies. It also detects duplicates before the migration.

 

Unified Management

Cisco Secure Connect management is handled through a single dashboard to configure, monitor, and troubleshoot the service. Configuration is simplified with guided flows and dynamic checklists. Monitoring of users and sites occurs in a single pane of glass that unifies security and connectivity indicators.

As part of consolidating network and security controls to unify and provide a single pane of glass experience, the following are some of the key updates:

Unified Cloud-Delivered Firewall (CDFW): CDFW policy control and management of all branch-internet, remote users-internet, and interconnects is now available on the Secure Connect dashboard.

Unified posture: Client-based and browser-based access posture control and management are now available on the Secure Connect dashboard.

Remote access: The remote access service can now be configured and managed directly from the Secure Connect dashboard. Remote access logs can now be exported from the Secure Connect dashboard for analysis and monitoring.

 

Network Interconnect

Network Interconnect provides intelligent routing between sources and destinations connected to Cisco Secure Connect. Any node connected to the Interconnect seamlessly gains access to any already-connected node, pending access policy, which is enforced in a hybrid way across the edge and the cloud fabric. This drastically reduces network complexity, providing a highly available network fabric with minimal setup and maintenance.