Overview: 
SonicWall Cloud Edge Secure Access enables a simple Network-as-a-Service (NaaS) for site-to-site and hybrid cloud connectivity to AWS, Azure, Google Cloud and more. It combines Zero-Trust, Least-Privilege security and software-defined micro-segmentation to permit users and devices to access only what’s necessary and nothing more, similar to the concept of a “need to know basis.”
Now, organizations can offer remote-work flexibility, preserve operational flexibility and at the same time, protect high-value assets from costly security breaches.

Highlights
- Zero-Trust with software-defined micro-segmentation policies effectively prevents breaches from spreading.
- Supports Single Sign-On and Multi-Factor Authentication using LDAP, Okta, Google, and Azure Identity Provider services.
- Network Traffic Control (NTC) is a stateful firewall-as-a-service (FWaaS) that provides policy-based protection by defining who can access what resource and from where.
- Device Posture Check (DPC) grants network access only to authenticated and compliant devices.
- Client apps are available for macOS, Win10, Android and iOS operating systems.
- Supports client-less Remote Desktop access using RDP, VNC, SSH and HTTP/HTTPS for web access from any public device.
- Provides a better user experience with fast, modern WireGuard secure tunnels.
- Always-on VPN emulates the in-office experience and maintains a strong security posture in public hotspots.
- Supports an easy drag-drop policy configuration interface to save time, and a dashboard to simplify compliance audits.
- Network monitoring provides a comprehensive overview of traffic patterns and the security posture of users, groups and servers.
Benefits:
Infrastructure is Built for Rapid Scale and Global Deployment
SonicWall Cloud Edge Secure Access is built around Software-Defined Perimeter (SDP), an advanced and cloud-native architecture, to deliver rapid deployment and self-service onboarding.
- Faster deployment – An IT manager can sign up, create a gateway, and configure granular policies based on network and user context — all in less than 15 minutes.
- Faster user onboarding – An end user can choose whether to connect via their mobile device or desktop client app, or bypass client installation altogether when using a public computer, provided a browser is available. With the self-service deployment model, onboarding can be completed in 5 minutes.
SDP is also secure by design because it decouples the controller, which authenticates users and devices, from the gateways that act as trust brokers. By distributing the gateways close to the end-user locations, Cloud Edge Secure Access can scale rapidly as needed, maintain high-performance and deliver the best cloud experience possible.
This separation of functions also enables Cloud Edge Secure Access to stop common cyberthreats, such as DDoS, public Wi-Fi hijacking, SYN flood and Slowloris.
Software-Defined Micro‑Perimeter Security That Follows Users
Today’s employees want the flexibility to work from anywhere — and organizations want to take advantage of the cost savings and operational efficiencies offered by the cloud. In this new inverted reality, where everything is outside of centralized locations and beyond physical firewall protection, there is a need to complement the current on-premises service delivery model with an agile follow-the-user security model.
With SonicWall Cloud Edge Secure Access, the perimeter is software-defined, meaning each micro-perimeter segment encapsulates a particular type of traffic flow, defined by access policies. The segment starts with the user and extends to specific networks, services or assets anywhere in the cloud — a much more versatile approach.
Zero-Trust Network Access
Trust Nothing and Verify Everything
Zero-Trust policies allow external users with a proper set of contexts to securely access a host of network resources with the support of:
- Federated Single Sign-On and Multi-Factor Authentication – This combination provides users a single portal for authenticating into a hybrid IT environment, creating a consistent and seamless experience.
- Integration with leading cloud-based identity management providers – Organizations can extend the service life of legacy on-premises assets, like LDAP, or migrate to the modern, cloud-based identity management services from providers, such as Azure AD, Google Cloud Identity and Okta.
- Context-driven access with Device Posture Check (DPC) – grants network access only to compliant and authorized devices that pass OS integrity and malware-free environment verifications to ensure no malware slips into the infrastructure.
- Software-defined micro-segmentation – Network Traffic Control (NTC) precisely segments all incoming traffic to prevent malware or unauthorized users from compromising network resources and sensitive data.
- Least-Privilege Access Control – Organizations can control user interactions with resources based on relevant attributes, including user and group identity and the sensitivity of the data being accessed.
Work-from-Anywhere Securely
From Trusted Areas to Public Hotspots
- Automatic Wi-Fi security – Cloud Edge Secure Access for Windows and macOS proactively monitors the environment and automatically activates a secure access connection in public hotspots. This extra layer of protection stops Wi-Fi intercepts, which are increasingly common and can result in data theft and compliance violations.
- Kill switch – When a secure access connection is interrupted, the device’s internet connection is instantly halted — disrupting potential cyber breaches and preventing any data from leaving the device.
- Trusted Wi-Fi networks – When an SSID is specified as “trusted,” the automatic Wi-Fi security feature will not activate.
- Always-on VPN/applications – This convenient feature automatically reconnects to an application or set of applications without requiring users to log in or authenticate again.
Site-to-Site Interconnectivity or Network-as-a-Service (NaaS)
Cloud Edge Secure Access offers the choice of site-to-site connectivity service or Network-as-a-Service (NaaS), which IT managers can use to quickly onboard branch offices in geographically dispersed locations. NaaS also allows you to quickly and securely connect mobile kiosks, retail stores and sales points to cloud-hosted resources without needing to rely on costly MPLS.
- Site-to-site or site-to-cloud interconnect service – The solution easily connects to popular cloud environments, including AWS, Azure and Google Cloud — or can be used to create a secure communication link between networks located at different sites.
- Multi-regional deployment – Administrators can deploy dedicated Cloud Edge gateways in different locations to deliver optimal speed and performance to international branches and employees.
- High-performance global backbone – SonicWall Cloud Edge service is available globally. The infrastructure offers minimal latency by distributing gateways close to the customer locations and load-balancing traffic across servers.
- State-of-the-Art WireGuard secure tunnel – An IT manager can leverage any branch router or firewall with IPsec to connect to the nearest Cloud Edge gateway. SonicWall recommends the WireGuard tunnel, which can deliver much faster performance. This deployment requires a branch Linux server to run the WireGuard tunnel service to the nearest gateway.