In addition to the existing Remote Access and Browser-based ZTNA deployments (scenarios covered in the Cisco Secure Connect Instant Demo), we are introducing Client-based ZTNA to Meraki Launchpad🚀 for Cisco and partner sellers to demonstrate.
Feature Summary:
Zero Trust Network Access (ZTNA) is a turnkey-as-a-service solution that provides granular, Zero Trust-based access to network resources. Cisco Secure Client with the ZTA module or the Cisco Zero Trust Access mobile apps (Apple iOS & Samsung Android 14+) enable endpoints for secure private access using Client-based ZTNA. Further reading in the Community post: Client-based ZTNA.
Demo Story:
Bill S. (bills@merakitraining.net) from the Finance department needs to access the internal private application with the FQDN 'finance.merakitraing.net'. Instead of using a remote access VPN, Meraki Launchpad IT has decided to implement ZTNA, which offers more granular control by limiting access to only the required network resources. The team opted for Client-based ZTNA, as it is well-suited for most modern, client-initiated applications. Bill's client device is not part of this demo, but as you can see below, the device has been enrolled with the Cisco Secure Client ZTA module and Bill's identity is associated with it.
Now, let's demonstrate how this Client-based ZTNA is implemented and managed.
Demo Flow (~15 mins):
- As a Cisco employee or partner, access the Meraki Launchpad🚀 demo org via https://cs.co/mlp.
- Navigate to the Secure Connect > Users page and verify Bill is part of the Finance Meraki Training group.
- Review the Finance Home private application on the Secure Connect > Resources and Applications page. Highlight that only Client-based is enabled under the Access methods section for this application.
- Review the Secure Connect > Zero Trust Access settings to confirm that the group Finance has the allow permission to access the appropriate resources and applications. Defining access policies by user group is a scalable way to manage your network. However, you can also configure policies at the individual user level.
- Now, you might be interested in how the Meraki Launchpad IT team gains visibility into Bill's access. First, navigate to Secure Connect > Security Activity to access the Umbrella dashboard. Once there, continue by selecting Reporting > Core Reports > Activity Search on the Umbrella side.
- Select Client-based ZTA to filter the activity logs, and you will find that Bill accesses the application every few hours.
To conclude, with Cisco Secure Connect Client-based ZTNA, Bill, who is part of the Finance group, can now efficiently access the internal finance application anytime from anywhere with their ZTNA trusted devices. In addition, the Meraki Launchpad IT team minimizes the attack surface by reducing unnecessary network access.
Resources:
Meraki Learning: Introducing Cisco Secure Connect
Meraki doc: Cisco Secure Connect - ZTNA Architecture Start
Meraki doc: Cisco Secure Connect - Client-based ZTNA
Meraki doc: Cisco Secure Connect - Zero Trust Access Policies