CLOUD SECURE EDGE
SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses the limitations of legacy network appliances with a unified, scalable approach to secure access. It empowers organizations that consist of a variety of users (employees, contractors, third
parties, etc.) to seamlessly and securely connect to both private and internet resources from any device or location.
By consolidating key networking and security functions like remote access VPN, web proxy, and firewalls into a single, cloud-delivered platform, Cloud Secure Edge strengthens your organization’s security posture and enables you to adopt a proactive security strategy, all while delivering a disruption-free end-user experience.
 Address Security Gaps
|
 Superior User Experience
|
 Proactively Reduce Risk
|
| Ensures that every device meets the minimum-security requirements before being allowed to access any corporate resources. This includes ensuring that devices have the latest security updates and patches, that they have anti-virus software installed, and that they are not jailbroken or rooted. This allows you to address security gaps at the get go with security posture verification. | Deliver a seamless and disruption-free experience for your end users through intelligent routing which ensures that traffic is directed through the most secure and efficient route to the resource. This includes routing traffic through secure gateways and ensuring that sensitive data is encrypted. | Reduce the risk of attackers from moving laterally or compromised users from accessing resources. User verification proactively ensures that only authorized users can access corporate resources. This includes implementing multi-factor authentication and restricting access to resources based on user roles and privileges. |
Cloud Secure Edge (CSE) Datasheet
Cloud Secure Edge - Private
Cloud Secure Edge - Internet
Secure Private Access (SPA) and Secure Internet Access (SIA) SKUs are both available in two tiers: Basic and Advanced. What you get in each:
| Secure Private Access | Secure Internet Access | |||
| Feature | Basic | Advanced | Basic | Advanced |
| Secure Network Access | ||||
| ZTNA Tunnel (VPNaaS) to enable access to specific networks | ✔ | ✔ | ||
| ZTNA Proxy to securely connect to internal HTTP applications and TCP services | ✔ | |||
| Private Networks (RFC-1918 ranges) and domains (internal DNS servers) | ✔ | ✔ | ||
| Split Tunneling to specific subnets and domains (private or public) | ✔ | ✔ | ||
| Full Tunneling for all traffic using Private Edge | ✔ | |||
| Network / Layer 4 polices based on CIDRs and FQDNs | ✔ | ✔ | ||
| Secure Access to Private Resources | ||||
| Internal Websites access using browser-only OpenID Connect flows | ✔ | |||
| SSH to Linux servers | ✔ | |||
| RDP to Windows machines | ✔ | |||
| Native clients to access database servers such as PostgreSQL and MySQL | ✔ | |||
| Kubernetes client to access cluster | ✔ | |||
| SSH Certificate Authentication, Authorize Principals, and audit logging | ✔ | |||
| Layer 7 policies to access APIs, webpages | ✔ | |||
| Internet Threat Protection | ||||
| DNS Layer Security blocking domains with malware, phishing, botnet, and other risks | ✔ | ✔ | ||
| Content categorization | ✔ | ✔ | ||
| Custom blocking | ✔ | ✔ | ||
| SaaS Application Security | ||||
| Cloud Access Security Broker (CASB) to enforce device trust polices for SaaS applications | ✔ | |||
| Visibility into Cloud Applications / Shadow IT | ✔ | |||
| IP Allowlisting for Cloud Applications through SonicWall Edge | ✔ | ✔ | ✔ | |
| Device Trust for Okta | ✔ | |||
| Device Trust for Azure AD | ✔ | |||
| Device Trust for other IDPs such as OneLogin, Jumpcloud | ✔ | |||
| Web Content Filtering Service | ||||
| Secure Web Gateway (SWG) | Content Filtering via DNS | ✔ | ✔ | ||
| Secure Web Gateway (SWG) | Threat Filtering via DNS | ✔ | ✔ | ||
| Secure Web Gateway (SWG) | Risk-Based URL Filtering | ✔ | |||
| Users and Devices | ||||
| Passwordless Authentication via IDP Federation | ✔ | ✔ | ||
| Policy-enforced access from Unregistered Devices with a trusted device certificate | ✔ | ✔ | ||
| Clientless access | ✔ | ✔ | ||
| Service Accounts (API tokens for programmatic access such as scripting and automation through the Data Plane) | ✔ | |||
| SCIM integration to manage user assignments | ✔ | ✔ | ||
| EDR integrations (e.g. CrowdStrike, SentinelOne, Microsoft Defender) | ✔ | ✔ | ||
| MDM/UEM Integrations (e.g. JAMF, Kandji, Jumpcloud, Intune, Workspace One) | ✔ | ✔ | ||
| Visibility and Compliance | ||||
| SIEM Integration (eg. Splunk, Elastic, Sumo Logic) | ✔ | ✔ | ||
| Private Network Discovery (non-approved applications accessed by user or devices) | ✔ | n/a | ||
| IaaS Resource Discovery | ✔ | n/a | ||
| SaaS Application Discovery | n/a | ✔ | ||
| Operations and Automation | ||||
| Private Edge Deployment: Host SonicWall’s identity-aware gateway in your own infrastructure | ✔ | n/a | n/a | |
| Services and Support | ||||
| 24x7 Support | ✔ | ✔ | ✔ | ✔ |
| Premier Support | add-on | add-on | ||
| Remote Implementation Services | add-on | add-on | ||
