Limitations and Range Limits

Secure Access sets limitations by component and defines the amount of time that your data is available on our system. These general limitations affect how you configure, deploy, and interact with Secure Access.

Access Policy

  • The Secure Access Unified Policy Framework supports 5000 rules.

Cisco Secure Client

  • Secure Access checks the Cisco Secure Client Zero Trust Access (ZTA) posture profile every 30 minutes.
  • Secure Access applies private application configuration changes to the Cisco Secure Client every 30 minutes.

Data Retention

  • DNS logs—Summary data (such as queries per identity or domain) is available for one calendar year.
  • DNS, Web proxy, firewall logs—Data retained for 30 days.

Destinations for Client-Based Zero Trust Traffic

The maximum number of rules for steering zero trust traffic to private destinations is 25,000. These rules appear on the Connect > End User Connectivity > Zero Trust page.

This limit includes:

  • Destinations that are automatically added to the Traffic Steering page for each "Internally reachable address" that you configure for Private Resources when client-based zero trust connections are enabled.
  • Wildcard exceptions to the private resource addresses, which you configure on the Zero Trust Traffic Steering page.
  • Any other destinations configured directly on the Zero Trust Traffic Steering page. (This is not recommended.)

To reduce the number of rules, consider using wildcards. See Using Wildcards to Configure Traffic Steering for Private Destinations.

Domain Names

You can configure various components in Secure Access with domain names, for example:

Note: A domain name can have a maximum of 253 characters. A subsection or label in the domain name must have at least two and no more than 63 characters. Domain names may contain alphanumeric characters and the hyphen.
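
A pre-import check for the domain-name limits in the note above, as an added example (not Cisco code). It assumes the 253-character limit counts the dots and that "alphanumeric" means ASCII letters and digits; the function names and sample domains are constructed for illustration.

```python
import re

MAX_NAME_LEN = 253                      # whole name, dots included (assumption)
MIN_LABEL_LEN, MAX_LABEL_LEN = 2, 63    # per-label limits stated in the note
ALLOWED = re.compile(r"[A-Za-z0-9-]+")  # ASCII alphanumerics and hyphen (assumption)


def domain_problems(name):
    """Return the rule violations for one domain name; an empty list means it passes."""
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append(f"name is {len(name)} characters, limit is {MAX_NAME_LEN}")
    for pos, label in enumerate(name.split("."), start=1):
        if not MIN_LABEL_LEN <= len(label) <= MAX_LABEL_LEN:
            problems.append(
                f"label {pos} has {len(label)} characters, "
                f"allowed {MIN_LABEL_LEN}-{MAX_LABEL_LEN}"
            )
        if label and not ALLOWED.fullmatch(label):
            bad = "".join(sorted(set(re.sub(r"[A-Za-z0-9-]", "", label))))
            problems.append(f"label {pos} contains disallowed characters: {bad}")
    return problems


def check_batch(names):
    """Map each failing name to its violations; names that pass are omitted."""
    return {n: p for n in names if (p := domain_problems(n))}


# Constructed sample input, not taken from any real deployment.
SAMPLE = [
    "intranet.example.com",         # passes
    "a.example.com",                # one-character label
    "build_server.example.com",     # underscore is not allowed
    "x" * 64 + ".example.com",      # 64-character label
    ".".join(["ab" * 30] * 5),      # 5 x 60 chars + 4 dots = 304 characters
    "example.com.",                 # trailing dot leaves an empty label
]

if __name__ == "__main__":
    for name, problems in check_batch(SAMPLE).items():
        print(name if len(name) <= 40 else name[:37] + "...")
        for p in problems:
            print("   -", p)
```

The check enforces only the limits stated in the note; rules the page does not mention, such as hyphen placement within a label, are not checked.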

File Inspection and File Analysis

See Manage File Inspection and File Analysis for details about supported files and limitations for file inspection and analysis performed by Cisco Advanced Malware Protection (AMP), Secure Access antivirus scanner, and Cisco Secure Malware Analytics.

Internet Protocol Versions

Feature | Limit
IPv4 | Supported by all services.
IPv6 | Supported by DNS.

Reports

Feature | Limit
Total Requests, Top Destinations, Top Categories, Top Identities | Data available for one calendar year.
Activity Search, Security Activity | Data retained for 30 days.
Activity Volume | Data retained for one calendar year.
Admin Audit Log | Data retained for one calendar year.
Scheduled Report (email attachment) | Accepts up to 10,000 rows of data.
Exported Report (CSV export) | Exports no more than 1,000,000 rows of data.

Resource Connectors and Resource Connector Groups

Feature | Limit
Maximum number of connector groups per organization | 50
Maximum number of connectors per connector group | 50

Service Connections

The total number of concurrent browser-based Secure Shell (SSH) and Remote Desktop Protocol (RDP) sessions supported is limited to the total number of Secure Access Advantage, Secure Private Access (SPA) licenses purchased, regardless of the number of configured applications.

Users and Groups

  • You can import no more than 200 Groups into a Secure Access organization.
  • For access to private applications, configure the user and private applications to use the same data center.
