Jump to Content
Cisco Secure Access - DNS Defense Help
Guides
Secure Access Help CenterCisco Secure Access - DNS Defense Help
Guides
Secure Access Help Center
Guides

Cisco Secure Access - DNS Defense Help

  • Welcome to Cisco Secure Access - DNS Defense
    • Sign into Secure Access - DNS Defense with Security Cloud Sign On
    • Find Your Organization ID
    • Determine Your Current Package
    • View Cloud Security Service Status
    • Contact Cisco Secure Access Support
  • Secure Access Single Sign-On Authentication
    • Configure Single Sign-On Authentication
    • Troubleshoot Single Sign On Authentication
  • Get Started
    • Begin Secure Access Onboarding Workflow
    • Step 1 – Configure Network Connections
    • Step 2 – Configure Access to Resources
    • Step 3 - Configure End User Connectivity
    • Step 4 – Configure Endpoints and Network Sources
    • Secure Access Overview Dashboard
  • Limitations and Range Limits
    • Data Retention
    • Monthly DNS Query Average
  • Network Requirements for Secure Access
  • Manage Network Connections
    • Comparison of Network Connection Methods
  • Manage Network Tunnel Groups
    • Device Compatibility and Network Tunnels
    • Add a Network Tunnel Group
    • Delete a Network Tunnel Group
    • Edit a Network Tunnel Group
    • View Network Tunnel Group Details
    • Supported IPsec Parameters
  • Network Tunnel Configuration
    • Configure Tunnels with Catalyst SD-WAN cEdge and vEdge
    • Configure Tunnels with Cisco ISR
    • Configure Tunnels with Cisco Adaptive Security Appliance
    • Configure Tunnels with Meraki MX
  • Manage Resource Connectors and Connector Groups
    • Requirements and Prerequisites for Resource Connectors and Connector Groups
    • Allow Resource Connector Traffic to Secure Access
    • Add Resource Connector Groups
    • Add Connectors to a Connector Group
    • Obtain the Connector Image
    • Provisioning Keys for Resource Connectors
    • Deploy a Connector in VMware
    • Deploy a Connector in AWS
    • Deploy a Connector in Azure
    • Determine the Number of Connectors Needed in a Connector Group
    • Assign Private Resources to a Connector Group
    • View a Connector Group's Connectors and Assigned Resources
    • Disable, Revoke, or Delete Resource Connectors and Groups
    • Maintain and Monitor Resource Connectors and Connector Groups
    • Troubleshoot Resource Connectors and Connector Groups
  • Manage Users and Groups
    • Import Users and Groups from CSV File
    • Provision Token for Identity Provider
    • Provision Users and Groups from Okta
    • Provision Users and Groups from Azure AD
    • Provision Users and Groups from Google Workspace
    • View User Details
    • View Group Details
    • View Endpoint Device Details
    • Unenroll Devices for Client-Based Zero Trust Access
    • Disconnect Remote Access VPN Sessions
    • Provision Users, Groups and Endpoint Devices from Active Directory
      • Connect Active Directory to Secure Access
      • Connect Multiple Active Directory Domains
      • Change the Connector Account Password
      • AD Connector Communication Flow and Troubleshooting
  • Configure Integrations with SAML Identity Providers
    • Prerequisites for SAML Authentication
    • Configure Azure AD for SAML
    • Configure Okta for SAML
    • Configure AD FS for SAML
    • Configure Duo Security for SAML
    • Configure Ping Identity for SAML
    • Configure OpenAM for SAML
    • SAML Certificate Renewal Options
    • Test SAML Identity Provider Integration
    • Delete SAML Identity Provider Integration
  • Manage End-User Connectivity
  • Manage DNS Servers
  • Traffic Steering for Zero Trust Access Client-Based Connections
    • Using Wildcards to Configure Traffic Steering for Private Destinations
  • Manage Virtual Private Networks
    • FQDNs for Network Connections
    • Manage IP Pools
    • Add an IP Pool
    • Manage VPN Profiles
    • Add VPN Profiles
    • Add a RADIUS Group
  • Manage Internet Security
    • Set Up Internet Security on User Devices
    • Manage Internet Security Bypass
    • Configure Cisco Secure Client Settings
  • Manage Domains
    • Add Internal Domains
  • Internal Networks Setup Guide
    • Provision a Subnet for Your Virtual Appliance
    • Manage Sites
    • Manage Internal Networks
    • Assign a Policy to Your Site
  • Manage a Network Device
    • Delete a Network Device
  • Manage Registered Networks
    • Add Network Resources
    • Point Your DNS to Cisco Secure Access
    • Clear Your DNS Cache
    • Update a Network Resource
    • Delete a Network Resource
  • Manage Roaming Devices
    • View Internet Security Settings for Roaming Devices
    • Edit Internet Security Settings for Roaming Devices
    • Delete a Roaming Device
  • Manage Destination Lists
    • Add a Destination List
    • Edit a Destination List
    • Add Destinations in Bulk
    • Download Destinations to a CSV File
    • Control Access to Custom URLs
    • Wildcards and Destination Lists
    • Add Top-Level Domains to Destination Lists
    • Add Punycode Domain Name to Destination List
    • Test Your Destinations (Hidden in SSE/SSE DNS)
    • Search for a Destination List
    • Troubleshoot Destination Lists
  • Manage Application Lists
    • Add an Application List
    • Application Categories
    • Delete an Application List
  • Manage Content Category Lists
    • Available Content Categories
    • Add a Content Category List
    • Request a Category for an Uncategorized Destination
    • Dispute a Content Category
    • View Content Categories in Reports
  • Manage Private Resources
    • Add a Private Resource
    • Add a Private Resource Group
    • Private Resource Configuration Examples
  • Manage AAA Servers
  • Manage Connections to Private Destinations
    • Comparison of Zero Trust Access and VPN
    • Comparison of Client-Based and Browser-Based Zero Trust Access Connections
    • Requirements for Zero Trust Access
    • Network Authentication for Zero Trust Access
    • Manage Branch Connections
  • Manage the Access Policy
    • About the Access Policy
    • Show Additional Data on Your Access Rules
    • Edit the Order of the Rules in Your Access Policy
    • Rule Defaults: Default Settings for Access Rules
    • Global Settings for Access Rules
    • Edit Rule Defaults and Global Settings
    • Edit the Default Access Rule
  • Get Started With Private Access Rules
    • Components for Private Access Rules
    • Default Settings for Private Access Rules
    • Add a Private Access Rule
    • About Configuring Sources in Private Access Rules
    • About Configuring Destinations in Private Access Rules
    • About Endpoint Requirements in Access Rules
    • Allowing Traffic from Users and Devices on the Network
    • Global Settings for Private Access Rules
    • View Rules Associated with a Private Resource
    • Troubleshoot Private Access Rules
  • Get Started With Internet Access Policy
    • Components for Internet Access Rules
    • Default Settings for Internet Access Rules
    • Add an Internet Access Rule
    • About Configuring Sources in Internet Access Rules
    • About Configuring Destinations in Internet Access Rules
    • Ensure Rule Matching for Encrypted Internet Traffic
    • Block Internet Access to Geographic Locations
    • Advanced Application Controls
    • Global Settings for Internet Access Rules
    • About Isolated Destinations
      • Isolate Downgrade
    • Troubleshoot Internet Access Rules
    • Zero Trust Access to Internet Destinations
  • Manage File Inspection for Internet Policy
    • Enable File Inspection
    • Test File Inspection
    • Troubleshooting
    • File Inspection Reports
  • Manage File Inspection and File Analysis for Private Access Rules
    • Enable File Inspection
    • Enable File Analysis by Cisco Secure Malware Analytics
    • Test File Inspection
    • Monitor File Inspection and Analysis Activity
    • Troubleshoot and Monitor File Inspection and Analysis
  • Manage File Type Controls
  • Manage the Intelligent Proxy
    • Enable the Intelligent Proxy
    • Test the Intelligent Proxy
    • Test Selective Decryption
    • Review the Intelligent Proxy Through Reports
    • Enable SSL Decryption
  • Manage Endpoint Security
    • Endpoint Attributes
  • Manage Zero Trust Access Posture Profiles
    • Add a Client-Based Zero Trust Access Posture Profile
    • Add a Browser-Based Zero Trust Access Posture Profile
  • Manage VPN Connection Posture Profiles
    • Add a VPN Connection Posture Profile
  • Manage IPS Profiles
  • Manage Security Profiles
    • Security Profiles for Internet Access
    • Add a Security Profile for Internet Access
    • Enable SafeSearch
    • Security Profiles for Private Access
    • Add a Security Profile for Private Access
  • Manage Threat Categories
    • Threat Category Descriptions
    • Add a Threat Category List
    • Dispute a Threat Categorization
  • Manage Notification Pages
    • Preview Notification Pages
    • Create Custom Block pages
    • Allow Users to Contact an Administrator
    • Block Page IP Addresses
  • Manage Traffic Decryption
    • Important Information About Do Not Decrypt Lists
    • Add a Do Not Decrypt List for Internet Access
  • Manage Accounts
    • Add a New Account
    • Edit Account Settings
    • Delete an Account
    • Hide Identities with De-identification
  • Manage Cloud Malware Protection
    • Enable Cloud Malware Protection
    • Revoke Authorization for a Platform
    • Enable Cloud Malware Protection for AWS Tenants
    • Enable Cloud Malware Protection for Azure Tenants
    • Enable Cloud Malware Protection for Box Tenants
    • Enable Cloud Malware Protection for Dropbox Tenants
    • Enable Cloud Access Security Broker Features for Microsoft 365 Tenants
    • Enable Cloud Malware Protection for Webex Teams
    • Enable Cloud Malware Protection for Google Drive
    • Enable Cloud Malware Protection for Slack Tenants
    • Enable Cloud Malware Protection for ServiceNow Tenants
  • Manage API Keys
    • Add Secure Access API Keys
    • Add KeyAdmin API Keys
  • Log Management
    • Enable Logging
    • Enable Logging to Your Own S3 Bucket
    • Enable Logging to a Cisco-managed S3 Bucket
    • Change the Location of Event Data Logs
    • Stop Logging
    • Delete Logs
    • Log Formats and Versioning
      • Reports and CSV Formats
      • Admin Audit Log Formats
      • Cloud Firewall Log Formats
      • DNS Log Formats
      • IPS Log Formats
      • Remote Access VPN Log Formats
      • Web Log Formats
      • Zero Trust Access Log Formats

Reports

  • Monitor Secure Access with Reports
    • Export Report Data to CSV
    • Bookmark and Share Reports
    • Report Retention
    • Report Scheduling
    • Schedule a Report
    • Update a Scheduled Report
  • Remote Access Log Report
    • View the Remote Access Log Report
  • Activity Search Report
    • View and Customize the Activity Search Report
    • View Zero Trust Events in Activity Search Report
    • View Activity Search Report Actions
    • Schedule an Activity Search Report
    • Use Search and Advanced Search
  • Security Activity Report
    • View Activity and Details by Filters
    • View Activity and Details by Event Type or Security Category
    • View an Event's Details
    • Search for Security Activity
  • Total Requests Report
  • Activity Volume Report
  • App Discovery Report
    • View the App Discovery Report
    • View the Highest Risk Apps
    • Review Apps in the Apps Grid
    • View App Details
    • Change App Details
    • Control Apps
    • Control Advanced Apps
    • View Traffic Data Through SWG Service
  • Top Destinations Report
    • Destination Details
  • Top Categories Report
    • Category Details
  • Third-Party Apps Report
  • Cloud Malware Report
  • Admin Audit Log Report
    • Export Admin Audit Log Report to an S3 Bucket

DNS Forwarders

  • Virtual Appliance Introduction
    • Prerequisites
    • Deployment Guidelines
    • Importance of Running Two VAs
  • Deploy Virtual Appliances
    • Deploy VAs in Hyper-V for Windows 2012 or Higher
    • Deploy VAs in VMware
    • Deploy VAs in Microsoft Azure
    • Deploy VAs in Amazon Web Services
    • Deploy VAs in Google Cloud Platform
    • Deploy VAs in KVM
    • Deploy VAs in Nutanix
  • Configure Virtual Appliances
  • Local DNS Forwarding
  • Reroute DNS
  • Update Virtual Appliances
  • Virtual Appliance Sizing Guide
  • SNMP Monitoring
  • Troubleshoot Virtual Appliances
  • Other Configurations
  • Active Directory Integration with the Virtual Appliances
    • Prerequisites
    • Active Directory User Exceptions
    • Prepare Your Active Directory Environment
    • Connect Active Directory to Umbrella VAs
    • Multiple Active Directory and Secure Access Sites
    • Change the Connector Account Password
    • Communication Flow and Troubleshooting

Managed iOS Device

  • Cisco Security Connector—Secure Access Setup Guide
    • Quick Start
    • Anonymize Devices
  • Meraki Registration
    • Verify Secure Access with Meraki
    • Meraki Documentation
  • Apple Configurator 2 Registration
  • IBM MaaS360 Registration
  • Intune Registration
  • Jamf Registration
  • MobiConnect Registration
  • MobileIron Registration
    • MobileIron Configuration
  • Workspace ONE Registration
  • Register an iOS Device Through a Generic MDM System
  • Apply Secure Access Policies to Your Mobile Device
    • Secure Access Reporting
  • Add User Identity for Cisco Security Connector
  • Troubleshooting
  • Configure Cellular and Wifi Domains

Managed Android Device

  • Cisco Secure Client (Android OS)
  • Deploy the Android Client
    • Android Configuration Download
    • Cisco Meraki MDM
    • MobileIron MDM
    • VMware Workspace ONE
    • Microsoft Intune MDM
    • Samsung Knox MDM
    • Manage Pop-Ups and App Controls
  • Manage Identities
  • Troubleshooting
  • Frequently Asked Questions

Unmanaged mobile device Protection

  • Secure Access Unmanaged Mobile Device Protection
  • Administrator Actions
  • End-User Actions

Cisco Secure Client

  • Cisco Secure Client Overview
  • Get Started and Manage Client-based Zero Trust Access from Mobile Devices
    • Set up the Zero Trust Access App for iOS Devices
    • Set up the Zero Trust Access App for Android on Samsung Devices
    • Monitor and Troubleshoot the Zero Trust Access App from Mobile Devices
  • Get Started with Cisco Secure Client on Windows and macOS Devices
    • Prerequisites
    • Download Cisco Secure Client
    • Download the OrgInfo.json File
    • Manual Installation of Cisco Secure Client (Windows and macOS)
    • Mass Deployment Overview
    • Mass Deployment (Windows)
    • Customize Windows Installation of Cisco Secure Client
    • Mass Deployment (macOS)
    • Customize macOS Installation of Cisco Secure Client
    • VPN Headend Deployment
    • Secure Firewall Management Center and Secure Firewall Threat Defense
    • Meraki Systems Manager (SM) Deployment
    • Migration from Umbrella Roaming Client
    • Install the Root Certificate for All Browsers
    • Cloud Management
    • Additional References
    • Remote Monitoring and Management Deployment Tutorials
  • Manage Internet Security on Cisco Secure Client
    • Umbrella Roaming Security Module Requirements
    • Domain Management
    • Interpret Internet Security Diagnostics
    • IPv4 and IPv6 DNS Protection Status
  • Manage Zero Trust Access on Cisco Secure Client
    • Invite Users to Enroll in Zero Trust Access for Secure Client
    • Requirements for Secure Client with Zero Trust Access
    • Troubleshoot Client-Based Zero Trust Access
    • Unenroll a Device from Zero Trust Access
  • Manage Virtual Private Networks on Cisco Secure Client
    • Download the Virtual Private Network XML Profile
    • CA Certificates for VPN Connections

Cisco Security for Chromebook Client

  • About Cisco Security for Chromebooks
  • Prerequisites for Cisco Security for Chromebooks Client
  • Limitations for Cisco Security for Chromebooks
  • Integrate the Google Workspace Identity Service
  • Deploy the Cisco Security for Chromebooks Client
    • Bypass Internal Domains from DNS-over-HTTPS (DoH)
    • Enable Reporting for Private IP Address of Chromebook Device
    • Verify Cisco Security for Chromebooks Client Deployment
    • Export Device Data to CSV
    • Troubleshoot Cisco Security for Chromebooks Client Deployment
  • View Protection Status of Chromebook Devices
  • Add Policies to a Chromebook Device
  • Cisco Security for Chromebooks Client FAQ
  • Google Workspace Identity Service FAQ

Contact Cisco Secure Access Support

Support for Secure Access can be reached through Cisco Support at https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html


View Cloud Security Service Status > Contact Cisco Secure Access Support > Secure Access Single Sign-On Authentication

Updated 3 days ago