Getting Started With CSE

Welcome to SonicWall Cloud Secure Edge (CSE). The articles in this section provide the steps to prepare your environment and deploy Cloud Secure Edge.

Prerequisites #

Before proceeding, ensure that you have the following:

1. A private network or a private service that you’d like to be able to access remotely.

2. A computer on this network that can make outbound HTTPS (port 443) connections and outbound UDP connections to the CSE Global Edge Network (ports in the range of 21000 - 59999).

3. A back up of your Gen7 (or later version) firewall, if you have an existing firewall that you would like to use.

4. Register CSE activation keys in MySonicWall.

Get started #

Step 1: Set up your user directory #

1.1 Do you have an existing identity provider for your end users?

If yes, then configure your IDP in Cloud Secure Edge:

• Entra ID
• GSuite
• Okta
• Other IDPs

If not, then use Cloud Secure Edge’s Local User Management to get started.

Step 2: Connect your network #

SonicWall Cloud Secure Edge offers two deployment models for access to your organization’s private resources: Self-hosted Private Edge and Global Edge. In most cases, your org will be provisioned so you can use one or both deployment models. Most of our customers will be using the Global Edge deployment model, and therefore deploying a Connector to connect their network.

2.1 Do you have a Gen 7 (or later version) firewall?

• If yes, then install the Cloud Secure Edge Connector on your Gen 7 firewall.

• If not, then install the Connector on Cloud Secure Edge infrastructure.

Step 3: What would you like to accomplish with Cloud Secure Edge? #

Below, we’ve outlined the most common use cases for Cloud Secure Edge.

3.1 Pick your path:

• Set up Remote Access - Secure Private Access license required

• Block Malicious Content -Secure Internet Access license required

• Protect SaaS Apps - Secure Private Access license required

• Check Devices Security Posture - Secure Private Access license required

• Set up ZTNA - Secure Private Access Advanced license required

For a deeper understanding of Cloud Secure Edge licenses, see our licenses doc.

Guided Onboarding Set-up #

The Cloud Secure Edge admin console offers a one-time guided onboarding set-up for orgs that meet the following conditions:

• Global Edge deployment (or Global Edge + Private Edge deployment)
• An SPA license
• A MySonicWall provisioned org (i.e., not a Managed Service Provider (MSP) org) accessed via admin SSO

If you want to set up a Service Tunnel (i.e., set up remote access) using CSE, this guided onboarding set up will help you accomplish that.

Note: If the admin directly exits the Guided Onboarding Set Up (i.e., clicks Exit at any given point), they will not be able to return to the Onboarding Set Up; if the admin indirectly exits the Guided Onboarding Set Up (i.e., closes their browser), the Onboarding Set Up will be available exactly where they left off.