CSE Getting Started Overview: Service Tunnel on GlobalEdge
10/08/2024 2 People found this article helpful 60,012 Views
Description
The purpose of this knowledge base article is to provide the major steps needed to configure SonicWall Cloud Secure Edge in your environment after gaining Access to your tenant's Command Center. The outcome will be enabling users to register the Banyan App and Connect to a Wireguard-based Service Tunnel to access destination resources.
Note: Full Tunnel is only supported for Private Edge deployments; it is not supported for Global Edge deployments.
Resolution
Part 1: Connect a Directory of Users to the Command Center
The first procedure after logging into the Banyan Command Center is to connect Banyan to your user directory. This will allow you and your users to register the Banyan Application to your SonicWall CSE environment from external data sources such as AzureAD, Okta, or other Identity Providers that follow industry SSO standards.
Banyan Getting Started Guide - Service Tunnel on Global Edge
Related Documentation:
Part 2: Register Your First Device(s)
The second procedure in your Zero Trust journey is to use the previously configured Directory of Users to register a device or optionally a set of devices to validate the previous work as well as to use it for the next part of the configuration for SonicWall Cloud Secure Edge. The latest version of the app can be downloaded from getbanyan.app if it is not already installed!
CSE Getting Started: Register Your Device(s)
Related Documentation:
Part 3: Deploy a Connector
Part 3 of this Step-by-Step overview is to deploy the Connector into your environment. This server acts as a dial-out ingress point into your network where clients will connect through to communicate with any resources you wish to protect or access via the Service Tunnel.
CSE Getting Started: Deploy A Connector
Related Documentation:
Part 4: Create Your First Role(s)
Next in this overview, we suggest you configure any Role(s) you may want to put into your first Tunnel Policy. These can be adjusted at a later time. Roles are an essential part of SonicWall Cloud Secure Edge and are used in several areas of the product, including Access Policies. In the scope of this guide, roles are groups of users or devices that you can assign to Access Groups in the policies that protect your resources.
CSE Getting Started: Create A Role
Related Documentation:
Part 5: Create a Service Tunnel Access Policy
The 5th procedure to perform is to create an Access Policy for the Tunnel we will configure in the next part. Here you will use the role(s) created from the previous procedure to create sets of rules for each Role. The policy created here is the only policy that will be evaluated on the tunnel. Ensure to adjust Access groups and allow/deny rules accordingly.
CSE Getting Started: Create A Tunnel Policy
Related Documentation:
Part 6: Configure a Service Tunnel to Protect Resources
In this step, we will define the Service Tunnel that you will connect with to your destination resources. These can be both public resources on the internet and the private resources to which you have deployed a Connector from Part 3 in front of. Once completed you should find success in connecting to the tunnel on your App registered in Part 2, accessing a resource defined in your policy from Part 5, and tunnel configuration from this step.
CSE Getting Started: Create A Service Tunnel
Related Documentation:
Part 7: Configuration of TrustProfile(s)
The final procedure is configuring Trust for your device checks which are evaluated for use in Policy decisions for granting access. Device Trust can be customized on a device-to-device, user-to-user, or hybrid basis and will calculate of Trust score of Always Deny, Low, Medium, or High.
CSE Getting Started: Create A Trust Profile
Related Documentation:
Related Articles
Categories