Cloud Secure Edge Docs

CSE Home> Getting Started Guide

Secure Connectivity

Policy Controls

Administer Cloud Secure Edge

More Resources

Getting Started Guide

Helpful guide to get you up and running quickly with SonicWall Cloud Secure Edge (formerly Banyan Security)

Updated On: Mar 30, 2026

Prerequisites

Before proceeding, ensure that you have the following:

A private network or a private service that you'd like to be able to access remotely.
A computer on this network that can make outbound HTTPS (port 443) connections and outbound UDP connections to the CSE Global Edge Network (ports in the range of 21000 - 59999).
A back up of your Gen7 (or later version) firewall, if you have an existing firewall that you would like to use.
Register CSE activation keys in MySonicWall.

Getting started

Step 0: Choose your deployment model

Cloud Secure Edge offers two deployment models for access to your org’s private resources: Private Edge and Global Edge. In most cases, your org will be provisioned so you can use one or both deployment models.

Most of our customers will be using the Global Edge deployment model (i.e., choosing to have Cloud Secure Edge-managed infrastructure), and therefore selecting Points of Presence (PoPs) and deploying a Connector to connect their network. The Private Edge deployment model is designed for customers who want to self-host their cloud infrastructure. This onboarding guide is designed for customers using a Global Edge deployment.

If you are using a Global Edge deployment model in your CSE org, select the geographic locations in which you want to provision your cloud infrastructure (i.e., your Points of Presence).

If you are using a Private Edge deployment model in your CSE org, opt to Skip to the Private Edge.

Note that choosing one deployment model does not exclude you from adding the other deployment model at a later time.

Step 1: Set up your user directory

1.1 Do you have an existing identity provider for your end users?

If yes, then configure your IDP in Cloud Secure Edge:

If not, then use Cloud Secure Edge’s Local User Management to get started.

Step 2: Connect your network

2.1 Do you have a Gen 7 (or later version) firewall?

If yes, then install the Cloud Secure Edge Connector on your Gen 7 firewall.
If not, then install the Connector on Cloud Secure Edge infrastructure.

Step 3: What would you like to accomplish with Cloud Secure Edge?

Below, we've outlined the most common use cases for Cloud Secure Edge.

3.1 Pick your path:

Set up Remote Access - Secure Private Access license required
Block Malicious Content -Secure Internet Access license required
Protect SaaS Apps - Secure Private Access license required
Check Devices Security Posture - Secure Private Access license required
Set up ZTNA - Secure Private Access Advanced license required

For a deeper understanding of Cloud Secure Edge licenses, see our licenses doc.

Guided Onboarding Set-up

The Cloud Secure Edge admin console offers a one-time guided onboarding set-up for orgs that meet the following conditions:

Global Edge deployment (or Global Edge + Private Edge deployment)
An SPA license
A MySonicWall provisioned org (i.e., not a Managed Service Provider (MSP) org) accessed via admin SSO

If you want to set up a Service Tunnel (i.e., set up remote access) using CSE, this guided onboarding set up will help you accomplish that.

If the admin directly exits the Guided Onboarding Set Up (i.e., clicks Exit at any given point), they will not be able to return to the Onboarding Set Up; if the admin indirectly exits the Guided Onboarding Set Up (i.e., closes their browser), the Onboarding Set Up will be available exactly where they left off.