Requirements for Zero Trust Access

Resource requirements for client-based zero trust access

A resource that you want users to reach using zero trust access must meet the following requirements:

  • Does not serve client-to-client traffic. Example: Peer-to-peer Voice over IP (VoIP)
  • Does not serve server-to-client traffic. Example: Remote assistance
  • Does not require a unique client IP address. Example: Applications that use the SMBv1 protocol
  • Does not require SRV DNS records. Examples: Active Directory, Kerberos, SCCM
  • Does not perform an ICMP connectivity check before connecting using TCP or UDP
  • Does not depend on any resource that has any of the above conditions
  • All of the resource's dependencies and any redirects must also be defined as private resources with client-based zero trust access enabled.

Resource requirements for browser-based zero trust access

  • Cisco recommends using a certificate signed by a publicly recognized certificate authority (CA).
  • The resource must not serve content or links using absolute URLs. All site content must be referenced using relative URL paths.
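
One way to check a page against the relative-URL requirement before publishing the resource. This is an added example, not Cisco's code or tooling: it assumes that any reference naming a host (scheme://host or protocol-relative //host) counts as absolute and that root-relative paths such as /login are acceptable; the sample HTML and the host app.internal.example are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that carry a URL the browser will fetch or navigate to.
URL_ATTRS = {"href", "src", "action", "formaction", "poster", "data"}

def is_absolute(url):
    """True for scheme://host/... and protocol-relative //host/... references."""
    return bool(urlsplit(url.strip()).netloc)

class AbsoluteUrlFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            if not value:
                continue
            if name in URL_ATTRS:
                candidates = [value]
            elif name == "srcset":
                # "url 2x, url 1x": the URL is the first token of each entry.
                candidates = [e.split()[0] for e in value.split(",") if e.strip()]
            else:
                continue
            for url in candidates:
                if is_absolute(url):
                    self.findings.append((line, tag, name, url.strip()))

def find_absolute_urls(html):
    finder = AbsoluteUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; app.internal.example is a placeholder host.
SAMPLE = """<html><head>
<link rel="stylesheet" href="css/site.css">
<script src="https://app.internal.example/js/app.js"></script>
</head><body>
<a href="reports/q1.html">Q1</a>
<a href="//app.internal.example/admin">Admin</a>
<img src="img/logo.png" srcset="img/logo.png 1x, http://app.internal.example/img/logo@2x.png 2x">
<form action="/login" method="post"></form>
<a href="mailto:helpdesk@example.com">Help</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_absolute_urls(SAMPLE):
        print(f"line {line}: <{tag} {attr}> uses absolute URL {url}")
```

The check covers static HTML attributes only; URLs built by scripts, set in CSS, or sent in redirect headers need to be reviewed separately.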

Network requirements for zero trust access

See the Zero Trust client-based access sections in Network Requirements for Secure Access.

Client requirements for client-based zero trust access

See Requirements for Secure Client with Zero Trust Access.