About Access Rule Settings
The Cisco Secure Access policy is the collection of an organization's internet and private access rules. Rules that you create in the Access policy have rule conditions, settings, attributes, and actions.
Global rule settings affect all rules in the Access policy. You can enable rule-level settings on individual rules.
| Scope of Setting | Setting Name | Type | Description |
|---|---|---|---|
| Global | sse.decryption.logInternet | boolean | Specify whether to enable the logging of the decrypted traffic on internet destinations. |
| Global | sse.decryption.logPrivate | boolean | Specify whether to enable the logging of the decrypted traffic on private destinations. |
| Global | sse.globalIPSEnabled | boolean | Specify whether to enable the Secure Access Intrusion Prevention System (IPS) setting. |
| Global | sse.ztaAuthnTimeoutEnabled | boolean | Specify whether to enable the Zero Trust authentication timeout setting. |
| Global | sse.ztnaSessionTimeoutMinutes | integer | The time in minutes before the Secure Access Zero Trust Access (session) ends for the end users. The default value is 60. Set a whole number greater than or equal to 60. |
| Global | umbrella.m365Compatibility | boolean | Specify whether to enable the Microsoft 365 Compatibility option. This option exempts Microsoft 365 traffic from inspection and policy enforcement, allowing it to pass through Secure Access unaltered. When you configure tenant controls for Microsoft 365, Secure Access decrypts these Microsoft login domains (login.microsoftonline.com, login.microsoft.com, and login.windows.net) for the purpose of tenant enforcement. |
| Global | umbrella.logLevel | LOG_NONE, LOG_ALL, LOG_SECURITY | Specify the Secure Access logging level. |
| Global | umbrella.applySecurity | boolean | Specify whether to secure your network and endpoints using a variety of anti-malware engines and threat intelligence. |
| Global | umbrella.ipSurrogatesEnabled | boolean | Specify whether to enable IP surrogates. |
| Global | umbrella.sessionTimeoutSeconds | integer | Defines the session timeout in seconds for the browser-based access rules. |
| Global | umbrella.enableSafeSearch | boolean | Specify whether to filter out offensive search results from search engines (Google, YouTube, Yahoo, and Bing). When searching, a search engine will return no explicit, unsafe or potentially harmful search results. |
| Global | umbrella.pinnedCertificate | boolean | Specify whether to bypass certificate pinning for destinations. |
| Global | sse.warnRecaptcha | integer | Specify whether to display a WARN reCAPTCHA. |
| Global | umbrella.advancedApplicationIds | array[] integers | Set the list of applications with advanced settings. |
| Global | umbrella.securitySettingsId | integer | Set the security settings group. |
| Global | umbrella.certValidationExceptions | object | Manage valid certificates. |
| Global | global.setting.disableDecryptionSource | array[] strings | Set the list of IP addresses or CIDRs where Secure Access will disable decryption. |
| Global | umbrella.logHttpsQuery | boolean | Specify whether to enable the logging of HTTP queries. |
| Rule | umbrella.default.traffic | PUBLIC_INTERNET, PRIVATE_NETWORK | Define the network access rule traffic for the source component on the default rules. |
| Rule | umbrella.posture.vpnProfileId | integer | Set the ID of the Secure Access VPN profile. |
| Default Setting | sse.tenantControlProfileId | integer | Set the ID of the Secure Access tenant control profile. |
| Default Setting | umbrella.posture.profileIdClientbased | integer | Set the ID of the client-based Secure Access Zero Trust profile. |
| Default Setting | umbrella.posture.profileIdClientless | integer | Set the ID of the browser-based Secure Access Zero Trust profile. |
| Default Setting | umbrella.posture.webProfileId | integer | Set the ID of the Secure Access Security profile for internet access rules. |
| Default Setting | umbrella.posture.privateSecurityProfileId | integer | Set the ID of the Secure Access Security profile for private access rules. |
| Default Setting | umbrella.posture.ipsProfileId | integer | Set the ID of the Secure Access IPS profile. |
| Default Setting | sse.ztaAuthnTimeoutMinutes | integer | The frequency in minutes when the end users must authenticate with Secure Access for Zero Trust Access. |
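
A pre-change check for a subset of the global settings in the table, as an added example that is not Cisco's code: it validates types, the logging-level values and the 60-minute minimum, and lists values that turn off inspection, protection or logging so they can be reviewed. The flat name-to-value mapping, the `audit` function, the choice of which values to flag and the sample data are assumptions of this example, not the Secure Access API payload format.

```python
import ipaddress

# Types, allowed values and the 60-minute minimum come from the table above (subset).
SCHEMA = {
    "sse.globalIPSEnabled": bool,
    "sse.ztnaSessionTimeoutMinutes": int,
    "umbrella.m365Compatibility": bool,
    "umbrella.logLevel": ("LOG_NONE", "LOG_ALL", "LOG_SECURITY"),
    "umbrella.applySecurity": bool,
    "global.setting.disableDecryptionSource": list,
}
# Assumption of this example: valid values that still deserve a second look.
REVIEW_IF = {
    "sse.globalIPSEnabled": False,
    "umbrella.applySecurity": False,
    "umbrella.m365Compatibility": True,
    "umbrella.logLevel": "LOG_NONE",
}
# Constructed sample input (hypothetical flat mapping of setting name to value).
SAMPLE = {
    "sse.ztnaSessionTimeoutMinutes": 30,
    "umbrella.m365Compatibility": True,
    "umbrella.logLevel": "LOG_NONE",
    "sse.globalIPSEnabled": "true",
    "global.setting.disableDecryptionSource": ["10.0.0.0/8", "192.0.2.7", "not-an-ip"],
}

def audit(settings):
    """Return (errors, review) for a flat {setting name: value} mapping."""
    errors, review = [], []
    for name, value in settings.items():
        spec = SCHEMA.get(name, ())  # names outside the subset fail the check below
        # type() rather than isinstance(), so True is not accepted as an integer
        ok = value in spec if isinstance(spec, tuple) else type(value) is spec
        if not ok:
            errors.append(f"{name}: unknown setting or invalid value {value!r}")
        elif name in REVIEW_IF and value == REVIEW_IF[name]:
            review.append(f"{name}={value!r} reduces inspection, protection or logging")
    timeout = settings.get("sse.ztnaSessionTimeoutMinutes")
    if type(timeout) is int and timeout < 60:
        errors.append("sse.ztnaSessionTimeoutMinutes: must be >= 60")
    sources = settings.get("global.setting.disableDecryptionSource")
    for entry in sources if type(sources) is list else []:
        try:
            net = ipaddress.ip_network(str(entry), strict=False)
            review.append(f"decryption disabled for {entry} ({net.num_addresses} addresses)")
        except ValueError:
            errors.append(f"global.setting.disableDecryptionSource: bad IP/CIDR {entry!r}")
    return errors, review
```

Calling `audit(SAMPLE)` returns three errors and four review items; the address count on each `disableDecryptionSource` entry shows how much traffic a single CIDR removes from decryption.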