Overview:
SonicWall Cloud Edge Secure Access enables a simple
Network-as-a-Service (NaaS) for site-to-site and hybrid
cloud connectivity to AWS, Azure, Google Cloud and
more. It combines Zero-Trust, Least-Privilege security and
software-defined micro-segmentation to permit users
and devices to access only what’s necessary and nothing
more, similar to the concept of a “need to know basis.”
Now, organizations can offer remote-work flexibility,
preserve operational flexibility and at the same time,
protect high-value assets from costly security breaches.
Highlights
- Zero-Trust with software-defined micro-segmentation
policies effectively prevent a breach from spreading.
- Supports Single Sign-On and Multi-Factor
Authentication using LDAP, Okta, Google, and Azure
Identity Provider services.
- Network Traffic Control (NTC) is a stateful firewall-as-a-service (FwaaS) that provides policy-based
protection by defining who can access what resource
and from where.
- Device Posture Check (DPC) grants network access
only to authenticated and compliant devices.
- Client apps are available for macOS, Win10, Android
and iOS operating systems.
- Supports client-less Remote Desktop access using
RDP, VNC, SSH and HTTP/HTTPS for web access with
any public devices.
- Provides better user experience with the fast and
modern WireGuard secure tunnels.
- Always-on VPN emulates in-office experience and
maintains strong security posture in public hotspots.
- Supports an easy drag-drop policy configuration
interface to save time, and a dashboard to simplify
compliance audits.
- Network monitoring provides a comprehensive
overview of traffic patterns and the security postures of
users, groups and servers.
Benefits:
Infrastructure is Built for Rapid
Scale and Global Deployment
SonicWall Cloud Edge Secure Access is built around
Software-Defined Perimeter (SDP), an advanced and
cloud-native architecture, to deliver rapid deployment and
self-service onboarding.
- Faster deployment – An IT manager can sign up, create
a gateway, and configure granular policies based on
network and user context — all in less than 15 minutes.
- Faster user onboarding – An end user can choose
whether to connect via their mobile device or desktop
client app, or bypass client installation altogether when
using a public computer, provided a browser is available.
With the self-service deployment model, onboarding can
be completed in 5 minutes.
SDP is also secure by design because it decouples the
controller, which authenticates users and devices, from
the gateways that act as trust brokers. By distributing
the gateways close to the end-user locations, Cloud
Edge Secure Access can scale rapidly as needed,
maintain high-performance and deliver the best cloud
experience possible.
This separation of functions also enables Cloud Edge Secure
Access to stop common cyberthreats, such as DDoS, public
Wi-Fi hijacking, SYN flood and Slowloris.
Software-Defined Micro‑Perimeter
Security That Follows Users
Today’s employees want the flexibility to work from
anywhere — and organizations want to take advantage of
the cost savings and operational efficiencies offered by
the cloud. In this new inverted reality, where everything is
outside of centralized locations and beyond physical firewall
protection, there is a need to complement the current
on-premises service delivery model with an agile follow-the-user security model.
With the SonicWall Cloud Edge Secure Access, the perimeter
is software-defined, meaning each micro-perimeter segment
encapsulates a particular type of traffic flow, defined by
access policies. The segment starts with the user and
extends to specific networks or services or assets anywhere
in the cloud — a much more versatile approach.
Zero-Trust Network Access
Trust Nothing and Verify Everything
Zero-Trust policies allow external users with a proper set of
contexts to securely access a host of network resources
with the support of:
- Federated Single Sign-On and Multi-Factor
Authentication – This combination provides
users a single portal for authenticating into a
hybrid IT environment, creating a consistent and
seamless experience.
- Integration with leading cloud-based identity
management providers – Organizations can extend
the service life of legacy on-premises assets, like
LDAP, or migrate to the modern, cloud-based identity
management services from providers, such as Azure AD,
Google Cloud Identity and Okta.
- Context-driven access with Device Posture Check
(DPC) – grants network access only to compliant
and authorized devices that pass OS integrity and
malware-free environment verifications to ensure no
malware slips into the infrastructure.
- Software-defined micro-segmentation – Network
Traffic Control (NTC) precisely segments all incoming
traffic to prevent malware or unauthorized users from
compromising network resources and sensitive data.
- Least-Privilege Access Control – Organizations can
control user interactions with resources based on
relevant attributes, including user and group identity and
the sensitivity of the data being accessed.
Work-from-Anywhere Securely
From Trusted Areas to Public Hotspots
- Automatic Wi-Fi security – Cloud Edge Secure Access
for Windows and macOS proactively monitors the
environment and automatically activates a secure
access connection in public hotspots. This extra
layer of protection stops Wi-Fi intercepts, which are
increasingly common and can result in data theft and
compliance violations.
- Kill switch – When a secure access connection is
interrupted, the device’s internet connection is instantly
halted — disrupting potential cyber breaches and
preventing any data from leaving the device.
- Trusted Wi-Fi networks – When an SSID is specified
as “trusted,” the automatic Wi-Fi security feature
will not activate.
- Always-on VPN/applications – This convenient
feature automatically reconnects to an application or
set of applications without requiring users to log in or
authenticate again.
Site-to-Site Interconnectivity or
Network-as-a-Service (NaaS)
Cloud Edge Secure Access offers the choice of site-to-site
connectivity service or Network-as-a-Service (NaaS), which
IT managers can use to quickly onboard branch offices in
geographically dispersed locations. NaaS also allows you to
quickly and securely connect mobile kiosks, retail stores and
sales points to cloud-hosted resources without needing to
rely on costly MPLS.
- Site-to-site or site-to-cloud interconnect
service – The solution easily connects to popular
cloud environments, including AWS, Azure and
Google Cloud — or can be used to create a secure
communication link between networks located at
different sites.
- Multi-regional deployment – Administrators can deploy
dedicated Cloud Edge gateways in different locations to
deliver optimal speed and performance to international
branches and employees.
- High-performance global backbone – SonicWall Cloud
Edge service is available globally. The infrastructure
offers minimal latency by distributing gateways close
to the customer locations and load-balancing traffic
across servers.
- State-of-the-Art WireGuard secure tunnel – An IT
manager can leverage any branch router or firewall with
IPsec to connect to the nearest Cloud Edge gateway.
SonicWall recommends the WireGuard tunnel, which
can deliver much faster performance. This deployment
requires a branch Linux server to run the WireGuard
tunnel service to the nearest gateway.