Securing Networks with SonicWall Cloud Secure Edge (CSE)

Migrate from your legacy VPN to Service Tunnel, a modern cloud-first VPN as a Service (VPNaaS) built on WireGuard

  • Updated on May 31, 2024
  • 3 minutes to read
  • Contributors


SonicWall Cloud Secure Edge (CSE) uses WireGuard to create fast, secure tunnels utilizing state-of-the-art cryptography. Service Tunnels provide encrypted network connectivity to network segments - VLANs, VPCs, subnets, etc. While the objective of Zero Trust security is often to migrate away from granting full network access to users and instead provisioning access to specific corporate resources, there are some scenarios where full network access is necessary.

You can publish Service Tunnels when you need to enable:

  • Network and system administration, where users need complete access to the network
  • Access to legacy applications that use multiple ports or unpredictable port numbers
  • Access to latency-sensitive, real-time, UDP flow based applications such as IP telephony, media streaming, etc

As with the other service types, security policies are continuously enforced, locking down access based on user and device attributes and trust levels.

The flow diagram below describes how CSE’s zero-trust access control mechanism works for Service Tunnels. Review the Publish a Service Tunnel to Users guide to see how to create a Zero Trust policy for a service tunnel so a user can access the tunnel via the desktop app.

Flow Diagram - Service Tunnels

What’s next

Read about how routing works in CSE to secure access to your networks.