Limitations and Range Limits

Secure Access sets limitations by component and defines the amount of time that your data is available on our system. These general limitations affect how you configure, deploy, and interact with Secure Access.

Table of Contents

Access Policy

  • The Secure Access Unified Policy Framework supports 5000 rules.

Cisco Secure Client

  • Secure Access checks the Cisco Secure Client Zero Trust Access (ZTA) posture profile every 30 minutes.
  • Secure Access applies private application configuration changes to the Cisco Secure Client every 30 minutes.

Data Retention

  • DNS logs—Summary data (such as queries per identity or domain) is available for one calendar year.
  • DNS, Web proxy, firewall logs—Data retained for 30 days.

Domain Names

You can configure various components in Secure Access with domain names, for example:

Note: A domain name can have a maximum of 253 characters. A subsection or label in the domain name must have at least two and no more than 63 characters. Domain names may contain alphanumeric characters and the hyphen.

File Inspection and File Analysis

See Manage File Inspection and File Analysis for details about supported files and limitations for file inspection and analysis performed by Cisco Advanced Malware Protection (AMP), Secure Access antivirus scanner, and Cisco Secure Malware Analytics.

Internet Protocol Versions



IPv4Supported by all services.
IPv6Supported by DNS.




  • Total Requests
  • Top Destinations
  • Top Categories
  • Top Identities
Data available for one calendar year.
  • Activity Search
  • Security Activity
Data retained for 30 days.
  • Activity Volume
Data retained for one calendar year.
  • Admin Audit Log
Data retained for one calendar year. You can access data in 90-day increments.
Scheduled Report (email attachment)Accepts up to 10,000 rows of data.
Exported Report (CSV export)Exports no more than 1,000,000 rows of data.

Resource Connectors and Resource Connector Groups

Maximum number of connector groups per organization50
Maximum number of connectors per connector group


Users and Groups

  • You can import no more than 200 Groups into a Secure Access organization.
  • For access to private applications, configure the user and private applications to use the same data center.

Quickstart – Bring Your Own Device with Zero Trust > Limitations and Range Limits > Network Requirements for Secure Access