Manage Destination Lists
A Cisco Secure Access destination list is a collection of domains, URLs, IPv4 and IPv6 addresses, and CIDR blocks. You can add, modify, and remove a destination list in Secure Access, and download the destinations in a destination list to a comma-separated values (CSV) file.
After you add a destination list with destinations in Secure Access, you can select the destination list on internet access rules. The security controls for an internet access rule—allow or block—apply to the destinations in the destinations lists.
Best Practices
- Large destination lists can impact Secure Access performance. We recommend that you set a limit of no more than 100 destinations per list.
- Internet access rules specify how Secure Access handles traffic to internet destinations. The rules apply to traffic from managed devices to public internet sites and applications, including public cloud applications of which your company is a tenant.
- You can add a destination list to Secure Access at any time. However, the destination list has no effect until you have added it to an internet access rule.
How to Format Your Destination List
Always enter domains in this format: domain.com
. Secure Access does not support this format: www.domain.com
.
Using the correct format ensures that*.domain.com
is included in your destination list (a wildcard is implicit). However, if you only want to block subdomain.domain.com, you must be more specific when you define the entry.
Note: Destination lists accept domain names that are encoded in Punycode. For more information, see Add Punycode Domain Name to Destination List.
Manage Sites < Manage Destination Lists > Add a Destination List
Updated about 2 months ago