Cloud Secure Edge is available for purchase as Secure Private Access (to resources on internal networks) and Secure Internet Access (to resources on the public Internet).
1. Secure Private Access provides two core capabilities:
• Tunnel-based ZTNA (also called Cloud VPN or VPNaaS): Secure network access to specific network segments.
• Proxy-based ZTNA: Secure access to private resources such as internal HTTP applications and TCP services.
2. Secure Internet Access provides three core capabilities:
• DNS-Layer Security (DNS): Domain-level threat protection blocking malicious domains and enforcing acceptable use policies.
• Cloud Access Security Broker (CASB): Enforcement of device trust policies to access SaaS applications.
• Secure Web Gateway (SWG): Web content filtering to block malware and other threats hidden in encrypted web traffic.
Secure Private Access (SPA) and Secure Internet Access (SIA) SKUs are both available in two tiers: Basic and Advanced.
Licenses are sold per-user.
Datasheet: https://www.sonicwall.com/resources/datasheet/cloud-secure-edge
Secure Private Access | ||
Feature | Basic | Advanced |
Secure Network Access | ||
ZTNA Tunnel (VPNaaS) to enable access to specific networks | ✔ | ✔ |
ZTNA Proxy to securely connect to internal HTTP applications and TCP services | ✔ | |
Private Networks (RFC-1918 ranges) and domains (internal DNS servers) | ✔ | ✔ |
Split Tunneling to specific subnets and domains (private or public) | ✔ | ✔ |
Full Tunneling for all traffic using Private Edge | ✔ | |
Network / Layer 4 policies based on CIDRs and FQDNs | ✔ | ✔ |
Secure Access to Private Resources | ||
Internal Websites access using browser-only OpenID Connect flows | ✔ | |
SSH to Linux servers | ✔ | |
RDP to Windows machines | ✔ | |
Native clients to access database servers such as PostgreSQL and MySQL | ✔ | |
Kubernetes client to access cluster | ✔ | |
SSH Certificate Authentication, Authorize Principals, and audit logging | ✔ | |
Layer 7 policies to access APIs, webpages | ✔ | |
SaaS Application Security | ||
IP Allowlisting for Cloud Applications through SonicWall Edge | ✔ | ✔ |
Users and Devices | ||
Passwordless Authentication via IDP Federation | ✔ | |
Policy-enforced access from Unregistered Devices with a trusted device certificate | ✔ | |
Clientless access | ✔ | |
Service Accounts (API tokens for programmatic access such as scripting and automation through the Data Plane) | ✔ | |
SCIM integration to manage user assignments | ✔ | |
EDR integrations (e.g. CrowdStrike, SentinelOne, Microsoft Defender) | ✔ | |
MDM/UEM Integrations (e.g. Jamf, Kandji, JumpCloud, Intune, Workspace ONE) | ✔ | |
Visibility and Compliance | ||
SIEM Integration (e.g. Splunk, Elastic, Sumo Logic) | ✔ | |
Private Network Discovery (non-approved applications accessed by user or devices) | ✔ | |
IaaS Resource Discovery | ✔ | |
SaaS Application Discovery | n/a | |
Operations and Automation | ||
Private Edge Deployment: Host SonicWall’s identity-aware gateway in your own infrastructure | ✔ | |
Services and Support | ||
24x7 Support | ✔ | ✔ |
Premier Support | add-on | |
Remote Implementation Services | add-on |