Onboarding
Steps:
- Step 1: Learn about Cisco Secure Access
- Step 2: Get started with Cisco Secure Access
Implement
Steps
-
Step 1: Configure infrastructure
- Task 1: Provision users and groups
- Step 2: Configure connectivity to Secure Access
-
Step 3: Deploy Cisco Secure Access Root Certificate Authority Rollout
- Task 6: Download Cisco Secure Access root certificate and deploy to end user devices
-
Step 4: Configure Device Network Servers (DNS) policy and traffic
redirection
to Secure Access
- Task 7: Register your public network to Cisco Secure Access
- Task 8: Configure Device Network Servers (DNS) servers to point to Cisco Secure Access (Umbrella) DNS Servers (Client setting, network device settings, DHCP settings)
- Task 9: Browse activity report in Cisco Secure Access dashboard and validate DNS traffic is coming to Cisco Secure Access
-
Step 5: Configure default web profile
- Task 10: Enable the default profile and enable/disable Security Assertion Markup Language (SAML) authentication
- Task 11: Confirm threat categories
- Task 12: Enable or disable File Inspection
- Task 13: Enable or disable File Type Blocking
- Task 14: Enable or disable SafeSearch
- Task 15: Customize notification pages
-
Step 6: Configure default Intrusion Prevention System (IPS) profile
- Task 16: Configure the default IPS profile for internet access
-
Step 7: Configure default VPN profile
- Task 17: Configure authentication, client posture, and traffic steering for VPN
-
Step 8: Create destination lists
- Task 18: Create initial Destination Lists based on domains and URLs
-
Step 9: Configure default internet access rules
- Task 19: Configure rule actions, sources for the rules, destinations for the rules, predefined categories for the rules, application lists for custom rules, the IPS Profile, and the Web Profile
-
Step 10: Validate default internet access rules
- Task 9: Browse the Activity Search Report and validate that selected threat categories are blocked and allowed destinations are accessible
Use
Steps
-
Step 1: Configure custom internet access rules
- Task 1: Configure rules for Secure Internet Access
- Step 2: Monitor Secure Access using reports
Engage
Steps
-
Step 1: Configure Single Sign-On authentication
- Task 1: Enable Security Assertion Markup Language (SAML) based Single Sign-On authentication
-
Step 2: Create internal networks
- Task 2: Define internal networks for creating internet access policies based on internal networks (subnets)
-
Step 3: Validate rule efficacy
- Task 3: Validate selected threat categories are blocked
Adopt
Steps
-
Step 1: Monitor Secure Access using reports
- Task 1: Review the pre-defined reports such as Security Overview, Security Activity, Activity Search, etc.
-
Step 2: Configure Tenants Software as a Service (SaaS applications)
- Task 2: Configure Tenants as used by the customer
-
Step 3: Configure Data Loss Prevention policies (requires Advantage
License)
- Task 3: Use built-in data classification and configure custom data classification
-
Step 4: Configure Inline Data Loss Prevention (requires Advantage
License)
- Task 4: Configure inline rules for selected destination lists/applications or all web traffic
-
Step 5: Configure Software as a Service (SaaS) API rules
- Task 5: Configure rules and policies for SaaS applications (Tenants)
-
Step 6: Configure security integrations
- Task 6: Configure integration with Cisco Malware Analysis for web traffic and SaaS applications
-
Step 7: Configure Remote Browser Isolation (requires
Advantage License)
- Task 7: Configure destination lists, content categories, and custom internet access policies for RBI
-
Step 8: Continue to increase user traffic
- Task 8: Review and increase the list of sites to be decrypted according to business needs
Comments
0 comments
Please sign in to leave a comment.