Cloud Secure Edge (CSE) Licenses
License types and license distribution to end users in Cloud Secure Edge
- Updated on Oct 15, 2024
- 5 minutes to read
-
Contributors
- Cloud Secure Edge License Overview
- Granting Licenses
- Cloud Secure Edge License Types in MySonicWall
- Manage Licenses
- Edition-based licensing
Cloud Secure Edge License Overview
A license is a token that is assigned to a user in your org; a user is licensed when an admin assigns the user to a service (e.g., a Service Tunnel) and the user has authenticated into the Cloud Secure Edge (CSE) app. Depending on the service assignment, a specific license type will be assigned to the user (license types are outlined below). Admins can purchase a fixed number of licenses, known as their License Entitlement. This is a floating number of licenses available for end users to consume as they access resources or services within Cloud Secure Edge; these licenses are not time-limited.
Granting Licenses
Licenses can be granted explicitly or implicitly: Licenses can be explicitly assigned to an individual user, or they can be consumed by a user when an admin assigns that user to a Cloud Secure Edge service, as explained above. Depending on the service assignment or the explicit granting of a license, a particular type of license will be consumed by the user (i.e., either an SIA license or an SPA license).
Cloud Secure Edge License Types in MySonicWall
Licenses are purchased through MySonicWall.
Secure Private Access (SPA) Basic: VPN
- Service Tunnel (VPN as a Service): available as split tunnel or full tunnel
Secure Private Access (SPA) Advanced: Zero Trust Network Access (ZTNA)
- Hosted websites: provide users access to internal websites
- Hosted infrastructure: provide users access to internal infrastructure services
- Private resource discovery: view private resources accessed by end users via Service Tunnel
- IaaS resource discovery: view infrastructure resources accessed by end users for work
Secure Internet Access (SIA) Basic: Compliance-focused Web Filtering
- DNS-based compliance content filtering: block specific internet content to adhere to your org’s compliance standards
- DNS-based malicious content filtering: block users from encountering internets threats
Secure Internet Access (SIA) Advanced: Security-focused Web Filtering
- URL Filtering: determine threats associated with URLs and block or allow access accordingly
- IP Allowlisting: provide users access to specific IP address ranges
- Device Trust for SaaS: evaluate users’ device trust during SaaS sessions
- Internet Resource Discovery: view which public resources end users are accessing for work
Note: Cloud Secure Edge (CSE), formerly known as Banyan Security, previously offered product editions. These editions are no longer available for purchase, but some edition models may still be in use. If you’re interested in learning about how license consumption works in the old editions model, refer to the section below.
Manage Licenses
Admins can grant and revoke user licenses.
Grant a license
To explicitly grant a license to a user, complete the following steps:
1. On the Home page of the Cloud Secure Edge (CSE) Command Center, select the Licenses tab.
2. To grant a licenses to a user, either select Licenses in Use (under either the SIA or SPA Licenses plan), and then select a specific user or navigate from Directory > Users, select a user that you want to grant a licenses to, and then select the Licenses edit button.
3. An Edit Licenses module will pop up: choose whether to grant your user an SIA License or an SPA License.
4. To view the status of licenses granted to or revoked from a user, see the User details page.
Revoke a license
To explicitly revoke a license to a user, complete the following steps:
1. Repeat Steps 1 to 3 in the Grant a license section above, except in Step 3, select Revoke License.
Edition-based licensing
License consumption on the Editions model
On the Editions model, a license is consumed if a user has been active at least once over the past 90 days.
Note: Even users that have been archived or deleted are considered an Active User and will consume a license if such users have been active at all (i.e., accessed a service or Service Tunnel or checked in on a device that has an ITP policy associated with it) within the last 90 days.
What is an Active User?
An Active User is one of the following:
- a user who has accessed a published service or Service Tunnel within the last 90 days;
- a user (i) whose device has an Internet Threat Protection (ITP) policy assigned to it and (ii) who has checked in within the last 90 days.
Can’t find what you’re looking for?
We’re happy to help. Contact our team.