Configure Network Connections
The final step in configuring Universal ZTNA is to configure private resources and the devices that are responsible for protecting the resources.
Before you begin
Complete the tasks discussed in Configure Security Devices.
Procedure
Step 1 | In Cisco Security Cloud Control, click . The Secure Access product menu appears in the left navigation bar.
Step 2 | Click . Add private resources. For guidance, refer to Manage Private Resources.
Step 3 | Click . Add or edit access rules. For more information, refer to Manage the Access Policy. This sample access rule blocks access to a destination named swatw-app-1:
Step 4 | Click .
Step 5 | Click the FTDs tab. The page displays the available Secure Firewall Threat Defense devices configured for universal zero trust network access. Before proceeding to the next step, ensure that the device is associated with a trusted network. This association enforces policies on traffic originating from the trusted network. After a Threat Defense device is onboarded, it is automatically associated with a default trusted network if one exists. If not, you must create a trusted network and associate it with the Threat Defense device.
Step 6 | Click the name of a Threat Defense device to configure.
Step 7 | In the right pane, click Associate Resources.
Step 8 | In the Associate Private Resources dialog box, make the following selections to specify the access policy enforcement and traffic flow for a user:
The following figure shows an example of using a Threat Defense device to enforce access rules for the vftd-quic-app for on-premises users and vftd-amazon-app for all users, whether on-premises or remote.
Step 9 | Click Save. The configurations are applied to the device, and the UZTA Configuration status column for the device displays Synced. The following figure shows an example. Configuration status can also be:
To view a detailed status for each resource and rule associated with a Threat Defense device, complete these actions:
Universal ZTNA is now set up, allowing your clients to access private resources in your network securely.