SecureConnect - Frequent Page Load Failures and Application Issues - Looking for SWG-based Solutions

Masaharu_K
Conversationalist

Hello Cisco Community,

We are currently experiencing significant issues with our SecureConnect deployment and would appreciate any insights or recommendations.

**Environment:**
- Cisco SecureConnect with Meraki MX appliances
- Tunnel connections established between Meraki and SecureConnect PoP
- Traffic from both Meraki sites and Secure Client users routed through SecureConnect

**Current SWG Policy Configuration:**
- SSL Inspection is **not enabled**
- No traffic is being blocked by SWG policies (all traffic is currently allowed)

**Issue:**
Despite having a permissive SWG policy with no SSL decryption and no blocking rules, we are encountering numerous problems where web pages fail to load, and various applications do not function properly when traffic is routed through SecureConnect. This affects both site-to-site traffic from Meraki and remote users connecting via Secure Client.

**Current Guidance from Support:**
Cisco support has recommended configuring local breakout or split tunneling to resolve these issues. However, this approach is not practical for our organization as we have a large number of branch offices, making it extremely difficult to configure and maintain these settings on a per-site basis.

**What We're Looking For:**
Is there any way to address these issues centrally through SecureConnect's SWG or Umbrella policies instead of configuring exceptions at each individual site? We would prefer a solution that can be managed from a single point rather than requiring configuration changes across all our Meraki devices.

Has anyone else experienced similar issues? Any suggestions for a more scalable approach would be greatly appreciated.

Thank you in advance for your help. 

2 Replies
ozumu
New here

Hey there! It sounds like you're running into a frustrating issue with SecureConnect and Meraki. Since you're not enabling SSL inspection or blocking traffic with SWG policies, the problems you're facing with web pages and apps might be related to how traffic is being routed through SecureConnect.

A centralized solution is definitely ideal, given your scale. Here are a few things you could try:

  1. Umbrella Integration: If you haven’t already, consider leveraging Cisco Umbrella's DNS-level filtering across all your Meraki devices. This can help address connectivity issues centrally without needing local breakout or split tunneling.

  2. SecureConnect Pathway Configuration: You could review the routing paths for SecureConnect and see if there’s an optimization to be made. Sometimes, making adjustments to the path selection or load balancing can help mitigate issues without needing individual site configurations.

  3. Traffic Inspection and Logs: Check if the traffic that's failing to load or causing issues is being misclassified or dropped by SecureConnect policies. The logs may provide some insights into whether certain types of traffic are getting stuck or being wrongly routed.

  4. Secure Client Settings: For remote users, ensure the Secure Client configuration is consistent and there aren’t any split tunneling settings inadvertently causing connectivity issues.

The key will be centralizing as much of the configuration as possible through Umbrella and SecureConnect policies. Hopefully, this helps narrow down the root cause!

ozumu
New here

You might also want to sanity-check a couple of less obvious things that have bitten others:

MTU / fragmentation issues: even without SSL inspection, SecureConnect can be sensitive to MTU mismatches. Try testing with a slightly lower MTU on the Meraki tunnels or on the Secure Client profile and see if the random page load failures disappear.

App-aware routing quirks: some SaaS apps really don't like being hairpinned through SWG, even in "allow all" mode. Cisco has internal allowlists / category bypasses that TAC can enable globally; it's worth pushing them on this.

PoP selection: make sure your sites and users consistently land on the nearest SecureConnect PoP. Suboptimal PoP selection can cause latency and strange timeout behaviour.

Bottom line: you're right to push back on per-site breakouts. This should be solvable centrally, but it usually takes TAC digging into flow logs, MTU, and PoP routing rather than the SWG rules themselves. If you can, ask support to treat it as a connectivity degradation case, not as a policy issue, which often changes how deep they go.

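A quick way to test the MTU / fragmentation theory from the reply above, before lowering the tunnel or Secure Client MTU blindly, is to measure the actual path MTU through the tunnel. The script below is an added example, not Cisco, Meraki, or the poster's tooling; it assumes Linux iputils `ping` (which supports `-M do` to set the DF bit and `-s` for payload size) and a reachable target that answers ICMP echo.

```python
"""Probe the path MTU through a tunnel by binary-searching the largest
ICMP echo payload that gets a reply with the DF bit set. A hard ceiling well
below the configured 1500-byte MTU points to a tunnel/encapsulation mismatch
causing the page-load failures. Assumes Linux iputils ping."""
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_probe(host, payload, timeout=2):
    """True if one DF-marked ping with this payload size is answered.
    No reply (or 'message too long') means the path cannot carry
    payload + 28 bytes without fragmentation."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", str(timeout),
           "-s", str(payload), host]
    try:
        return subprocess.run(cmd, capture_output=True,
                              timeout=timeout + 3).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def find_path_mtu(host, probe=ping_probe, lo=576, hi=1500):
    """Binary-search payload sizes between MTU lo and hi and return the largest
    MTU that passes the probe. Returns None if even the smallest size fails
    (host unreachable or ICMP filtered), so the result is not misread as MTU."""
    lo_payload, hi_payload = lo - IP_ICMP_OVERHEAD, hi - IP_ICMP_OVERHEAD
    if not probe(host, lo_payload):
        return None
    while lo_payload < hi_payload:
        mid = (lo_payload + hi_payload + 1) // 2
        if probe(host, mid):
            lo_payload = mid       # fits: search larger sizes
        else:
            hi_payload = mid - 1   # dropped: search smaller sizes
    return lo_payload + IP_ICMP_OVERHEAD


def mtu_gap(path_mtu, configured_mtu=1500):
    """How many bytes the tunnel/client MTU must drop to avoid fragmentation."""
    return max(0, configured_mtu - path_mtu)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder
    mtu = find_path_mtu(target)
    print(f"path MTU to {target}: {mtu}; lower MTU by "
          f"{mtu_gap(mtu) if mtu else '?'} bytes")
```

Run it from a branch host toward a service behind the SecureConnect PoP and compare against a host with local breakout; a consistently lower result through the tunnel is the MTU mismatch the reply describes.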