• Cloud Secure Edge License Overview
• Cloud Secure Edge License Types in MySonicWall
  • Secure Private Access (SPA) Basic: VPN
  • Secure Private Access (SPA) Advanced: Zero Trust Network Access (ZTNA)
  • Secure Internet Access (SIA) Basic: Compliance-focused Web Filtering
  • Secure Internet Access (SIA) Advanced: Security-focused Web Filtering
• Granting Licenses
  • Steps to Explicitly Grant a license
  • Steps to Implicitly Grant a license
• Revoking licenses
  • Steps to Explicitly Revoke a License
  • Steps to Implicitly (or Automatically) Revoke a License

Cloud Secure Edge License Overview

A license is a token that is assigned to a user in your org; a user is licensed when an admin assigns the user to a service (e.g., a Service Tunnel) and the user has authenticated into the Cloud Secure Edge (CSE) app. Depending on the service assignment, a specific license type will be assigned to the user (license types are outlined below). Admins can purchase a fixed number of licenses, known as their License Entitlement. This is a floating number of licenses available for end users to consume as they access resources or services within Cloud Secure Edge; these licenses are not time-limited.

Cloud Secure Edge License Types in MySonicWall

Licenses are purchased through MySonicWall.

Secure Private Access (SPA) Basic: VPN

• Service Tunnel (VPN as a Service): available as split tunnel or full tunnel

Secure Private Access (SPA) Advanced: Zero Trust Network Access (ZTNA)

• Hosted websites: provide users access to internal websites
• Hosted infrastructure: provide users access to internal infrastructure services
• Private resource discovery: view private resources accessed by end users via Service Tunnel
• IaaS resource discovery: view infrastructure resources accessed by end users for work

Secure Internet Access (SIA) Basic: Compliance-focused Web Filtering

• DNS-based compliance content filtering: block specific internet content to adhere to your org’s compliance standards
• DNS-based malicious content filtering: block users from encountering internets threats

Secure Internet Access (SIA) Advanced: Security-focused Web Filtering

• URL Filtering: determine threats associated with URLs and block or allow access accordingly
• IP Allowlisting: provide users access to specific IP address ranges
• Device Trust for SaaS: evaluate users’ device trust during SaaS sessions
• Internet Resource Discovery: view which public resources end users are accessing for work

Note: Cloud Secure Edge (CSE), formerly known as Banyan Security, previously offered product editions. These editions are no longer available for purchase, but some edition models may still be in use.

Granting Licenses

Licenses can be granted explicitly or implicitly. Licenses can be explicitly granted to an individual user, or licenses can be consumed by a user when an admin assigns that user to a Cloud Secure Edge service (i.e., implicitly granted). Depending on the service assignment or the explicit granting of a license, a particular type of license will be consumed by the user (i.e., either an SIA license or an SPA license).

Steps to Explicitly Grant a license

To explicitly grant a license to a user, complete the following steps:

1. On the Home page of the Cloud Secure Edge (CSE) Command Center, select the Licenses tab.

2. To grant a licenses to a user, either select Licenses in Use (under either the SIA or SPA Licenses plan) and then select a specific user, or navigate from Directory > Users, select a user that you want to grant a license to, and then select the Licenses edit button.

3. An Edit Licenses module will pop up: choose whether to grant your user an SIA License or an SPA License.

4. To view the status of licenses granted to or revoked from a user, see the User details page.

Steps to Implicitly Grant a license

Assign a user in your org to a Cloud Secure Edge (CSE) service:

• For an SPA license: assign a user’s device to a Service Tunnel or to a Zero-Trust Network Access (ZTNA) service (e.g., a hosted website).

• For an SIA license: assign a user’s device to an Internet Threat Protection (ITP) policy or to a protected SaaS app in CSE.

Revoking licenses

Licenses can be revoked explicitly or implicitly. A License can be explicitly revoked by selecting the Revoke License option. Depending on the service assignment or the explicit granting of a license, a particular type of license will be consumed by the user (i.e., either an SIA license or an SPA license).

Note: Currently, when an admin revokes a user license, users are not prevented from authenticating to and using CSE services. To ensure that a user in your org cannot access a service after license revocation, either (i) delete the user(s) from CSE (if you’re using local user management) or (ii) block user(s) access from the 3rd-party IDP associated with your user(s).

Steps to Explicitly Revoke a License

To explicitly revoke a license from a user, complete the following steps:

1. On the Home page of the Cloud Secure Edge (CSE) Command Center, select the Licenses tab.

2. Either select Licenses in Use (under either the SIA or SPA Licenses plan) and then select a specific user, or navigate from Directory > Users, and select a user that you want to revoke a license from, and then select the Licenses edit button.

3. An Edit Licenses module will pop up: Select Revoke License on either the SIA or the SPA License option, and then select Done.

Steps to Implicitly (or Automatically) Revoke a License

Remove a licensed user from the user list (i.e., delete a user in the CSE Command Center or delete a user in SCIM); the revoked license will return to the pool of licenses available to use.

Note: As mentioned above, the user’s license will not be revoked when the user is unassigned from a service.