Cisco Secure Connect is a cloud-based solution that connects users securely, working anywhere, to any application:
a) hosted in an on-premises data center,
b) hosted in a private cloud,
c) or a public SaaS application.
It offers both client-based and clientless remote worker access, with cloud-based security capabilities combined into one subscription.
Available in two packages:
a) Foundation package
Includes Cisco Umbrella® SIG capabilities that provide
Secure internet access connectivity for branch and roaming users;
Cisco Secure Connect fabric interconnect, providing private application access for branch users;
Unified dashboard, offering streamlined operations management visibility and control for security and network policies;
b) Complete package
Includes
Client-based remote access as-a-service capabilities,
Client-based and clientless browser-based ZTNA capabilities that provide a zero-trust security model for users.
Secure Connect acts as your secure onramp to the Internet and provides the first line of defense to:
Users, applications, and IoT devices in the office,
Remote users with Secure Client installed.
Internet-bound traffic is sent to the Secure Connect cloud, where outbound and inbound traffic is inspected.
Secure Internet Access services include
DNS Security
Cloud Firewall
Secure Web Gateway
Cloud Access Security Broker
Data Loss Prevention
Secure Connect interconnects sites, users, and applications with Meraki SD-WAN and Cisco SD-WAN (vManage), standard IPSec VPN support, and direct SaaS and IaaS peering.
Network interconnect provides intelligent routing between sites connected to the Secure Connect network fabric.
Cloud Firewall controls access to private applications and resources, enforcing zero-trust policies.
The cloud architecture drastically reduces network complexity, providing a secure, high-availability network fabric, while the unified user interface minimizes the time needed for setup, monitoring, and maintenance.
Note: Cisco SD-WAN sites are interconnected through the Cisco SD-WAN fabric, not the Secure Connect fabric. Cisco SD-WAN integration with Secure Connect is only for Secure Internet and Remote Access.
Remote Access VPN
Secure Connect provides secure access to private network destinations and applications for remote workers via client-based tunnels using the Cisco Secure Client, and clientless per-app access using any browser.
Client-based ZTNA Access
Client-based ZTNA facilitates access to privately hosted applications.
This requires the installation of Cisco Secure Client on end-user devices, thereby restricting access to only those devices with the client installed and enrolled.
Duo Desktop is installed automatically with Cisco Secure Client and the ZTNA module and monitors device health. Device health information is then used for posture checks for ZTNA application access.
Unlike Remote Access VPN, users are authorized to access only specific applications, not the entire internal network, adhering to Zero Trust principles. Users are not required to initiate a tunnel connection manually. A tunnel from the end-user endpoint to the Secure Connect ZTNA reverse proxy is automatically established when the user accesses the application via a unique URL created during the application's configuration in Secure Connect.
Clientless ZTNA Access (Browser Access)
Clientless ZTNA facilitates frictionless access to private web-based applications without requiring users to install Secure Client on their devices or create special inbound rules on your on-premises firewall.
To access an application, the user connects to the Secure Connect ZTNA reverse proxy using a unique URL created during the application's configuration in Secure Connect. Before access is permitted to an application, both the user and device posture are verified and validated by a Browser Access Policy (BAP) on a per-session basis.