-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Cloud Secure Edge Solution Launch (SonicOS 7.1.2 & MySonicWall Integration) FAQ
07/18/2024 
0 People found this article helpful
58,866 Views
Description
This article helps answer frequently asked questions regarding the MySonicWall (MSW) integration of Cloud Secure Edge and the Firewall Connector.
Q. Does CSE support data residency in Europe?
A. Yes, CSE has a data center in Frankfurt, Germany. The data center can be selected when registering/provisioning the product in MySonicWall.
Q. Do you support monthly billing?
A. Yes, partners in the Service Provider Program can leverage CSE and get billed monthly in arrears based on consumption.
Q. Do you need to have your firewall registered to the same tenant in MySonicWall as your CSE product for the connector?
A. Yes.
Q. Do I need a specific license on my firewall to use the connector?
A. Not required, you only need to have a licensed CSE product in the same tenant as your firewall.
Q. Do you only support your new packaging in MySonicWall?
A. Yes, only the Secure Internet Access (SIA Basic + Advanced) & Secure Private Access (SPA Basic + Advanced) bundles can be provisioned there.
Q. Can I mix different SIA & SPA packages (SPA Basic + SIA Advanced) for the same customer?
A. Yes, you can mix basic & advanced of different bundle types.
Q. Can I have 500 users of SIA and 50 users of SPA for the same customer?
A. Yes, you can have unique user counts.
Q. Can I have 500 users of SIA Basic and 50 users of SIA Advanced for the same customer?
A. No.
Q. Do you support EDR integrations like Capture Client, Crowdstrike and SentinelOne?
A. Yes, you need the SPA Advanced license to enable cloud to cloud API communication.
Q. Is closed network or FIPS mode supported for the CSE Connector on the firewall?
A. No.
Q. Can I get Remote Implementation Services?
A. Yes.
Q. Can you convert a trial to a production license?
A. Yes.
Q. Will MSPs get access to the for branding?
A. Any MySonicWall organization that is a partner will get this experience.
Q. Can I use the firewall as a “Private Edge” in 7.1.2?
A. Not in 7.1.2, we are evaluating this for a future release. Please reach out to your account manager to express interest.
Q. What protocol does the connector use?
A. Wireguard.
Q. Do I need to make inbound exceptions for the connector?
A. No, the traffic is initiated from the firewall to the CSE global edge infrastructure. The UDP port range must not be blocked by any device infront of the firewall.
Q. Does this release support dynamic routing?
A. The published routes list is currently a static one, but you can publish a larger range that covers all the expected dynamic routing range.
Q. Is there a free trial available?
A. Yes, in MySonicWall.
Q. Can I deploy as many firewall connectors as possible I want?
A. Yes, multiple firewalls can connect to the same CSE tenant. The same firewall cannot connect to more than one.
Q. What rules allow traffic from CSE?
A. CSE is the enforcement point. There are hidden rules that allow traffic from CSE to the published routes list.
Q. Is there a minimum user count per CSE customer?
A. No minimums.
Q. What is SonicOS 7.1.2?
A. SonicOS 7.1.2 is the feature release available on all Gen 7 firewalls. It introduces new capabilities in security, cloud edge, and integrations. (https://docs.banyansecurity.io/docs/banyan-components/edge-network/architecture/)
Q. Are all firewalls ready to support the features available in 7.1.2?
A. At launch, NSsp 15700 and NSv 270/470/870 running Policy Mode will not support the Cloud Secure Edge (CSE) feature. All other Gen7 Firewall models, including NSv 270/470/870 running Global/Classic Mode, will support the CSE connector feature.
Q. What are the new features available on SonicOS 7.1.2?
A. The major feature implemented in SonicOS 7.1.2 includes Cloud Secure Edge Connector support. This connector brings the Cloud Edge Security features to enable cloud-delivered ZTNA within your environments.
Q. Are the new features available on NSM?
A. Yes. The upcoming NSM version 2.5 will support the new features of SonicOS 7.1.2.
Q. Will we be able to manage SonicOS 7.1.2 from NSM 2.4.0?
A. Users will require NSM 2.5, now available in SaaS, and the on-prem version will be available in September.
Q. How can existing firewall customers running SonicOS 7 upgrade/migrate to SonicOS 7.1.2?
A. You can upgrade the firewall to SonicOS 7.1.2 on the box without using a migration tool.
Q. How many days of logs will be stored in CSE event logs? How can we download the logs?
A.Console Event: Events are visible for 2 weeks or until 10,000 events are reached, whichever comes first.
System Logs (Audit Logs): These logs are are never deleted.
For more details, see - https://docs.banyansecurity.io/docs/visibility-logging/events/
Q. Does the connector support configuring wildcard DNS/domain entries? Can wildcard DNS entries be published via the connector's DNS config option?
A. We do support wildcard entries in the Firewall. However, we trim the *. prefix before sending it to CSE, ensuring that all sub-domains function correctly in terms of resource access.
Q. How can existing firewall customers run SonicOS6.5, and how can previous versions upgrade to SonicOS 7.1.2?
A. Users will be required to use our Secure Upgrade Program to upgrade their existing hardware models to Gen 7. They will then need to migrate their settings to the new firewall running 7.1.2 OS
Learn more about the Secure Upgrade Program
Q. How many POPs do we have, and how do we get their details? How will fallback happen for POPs?
A. You can get these details from https://docs.banyansecurity.io/docs/banyan-components/edge-network/
Q. Do we support a local Active Directory to authenticate the CSE app? If not, do we support the authentication mechanism?
A. CSE is a cloud based service and ONLY support cloud based authentication services. These can be ANY SAML or OIDC service such as EntraID, Okta, Ping, etc. This means any local Active Directory services that are syncronized with one of these is supported.
(https://docs.banyansecurity.io/docs/quickstart/set-up-directory/)
Q. Do I need an additional license for my current Gen7 firewall to use CSE connector?
A. All firewall running 7.1.2 can leverage integration with SonicWall Cloud Secure Edge Active license/subscription. Feature is supported with bare hardware, and on all security bundles.
Q. Which access point models can I integrate with firewalls running SonicOS 7.1.2?
A. SonicOS 7.1.2 supports all access points supported on SonicOS 7.1.1 including Wi-Fi 6 APs like 621, 641 and 681
Q. What happens to the firewall-managed access point when the firewall is upgraded to SonicOS 7.1.2?
A. If a firewall is upgraded from a version below 7.1.1, the APs' firmware will be upgraded to a version compatible with 7.1.2. There will not be a change in the AP firmware version if the firewall is upgraded from 7.1.1.
Q. I am an existing NSv customer already running a SonicOS 7.1.1-based OS. Do I still need to redeploy for the subsequent 7.1.2 and later builds?
A. The redeployment is only needed the first time you upgrade from a SonicOS 7.0.1-based image to SonicOS 7.1.1. If you have already done the redeployment once to upgrade a SonicOS 7.1.1-based NSv image, then you can use the sig file update process to update the OS to 7.1.2. This file is available under MSW download sections starting SonicOS 7.1.1. Before SonicOS 7.1.1, NSv customers used SWI files for a similar update experience.
Q. I am already using a SonicOS 7.1.2-based OS on my firewalls. What should I do when a new SonicOS 7.1.1-based maintenance release becomes available on MSW?
A. There is no plan to continue supporting SonicOS 7.1.1 once SonicOS 7.1.2 is released. Customers looking for a GA build without the new features can stay on SonicOS 7.0.1-based builds. The next major feature release will support all the latest features in 7.1.1 and 7.1.2.
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
YES
NO