SonicWall CSE: Secure SaaS Applications with IP Allowlisting
Description
Overview #
Service Tunnels use WireGuard to create fast, secure tunnels utilizing state-of-the-art cryptography. A service tunnel provides network-level connectivity into private networks as well as the public internet. When you specify the Public CIDRs and/or Public Domains that comprise a SaaS application in your service tunnel configuration, traffic to that SaaS application automatically flows over the tunnel and egresses with the IP address of your Edge.
For Self-hosted Private Edge deployments, traffic to Public CIDRs and Public Domains flows through a selected Access Tier(s).
Specifying IP Allowlists #
Most SaaS Applications provide security configuration allow you restrict connectivity to your tenant to specified IP address ranges. SaaS vendors use different terminology to refer to IP Allowlisting.
Example 1: Salesforce #
In Salesforce, you can restrict access to specific IP ranges by updating the Login IP Ranges setting.
Example 2: Mongo Cloud #
In Mongo Cloud, you can restrict access to specific IP ranges by updating the IP Access List setting.
In both the examples above, access has been restricted to a fictitious IP range 1.2.3.4/32.
Edge Network IP Address #
The IP addresses with which service tunnel traffic egresses your Banyan Edge Network depends on your deployment model.
For Self-hosted Private Edge deployments, traffic to Public CIDRs and Public Domains flows through a selected Access Tier(s). Your Egress IPs which match those of your Access Tier(s).
What’s next #
Once you’ve enabled IP Allowlisting for a given SaaS Application by configuring the network access setting in the SaaS application, review our article on tunneling the SaaS application traffic over a Service Tunnel.
