SonicWall

This guide will show you how to connect your SonicWall device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.


Last updated 3 months ago


Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration:

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your SonicWall

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 14 - modp2048

  • Diffie-Hellman Groups (Phase 2) - 14 - modp2048

Step 2 - Creating new address objects

Log in to your SonicWall device, and go to Object > Match Objects > Addresses > Address Objects. Click + Add.

You have to create two objects - gateway and subnet.

Gateway

  • Name - Give the object a name

  • Zone Assignment - VPN

  • Type - Host

  • IP Address - IP of your GoodAccess Gateway

Click Save.

Subnet

  • Name - Give the object a name

  • Zone Assignment - VPN

  • Type - Network

  • Network - Subnet of your GoodAccess Gateway

  • Netmask / Prefix Length - Subnet Mask of your GoodAccess Gateway

Click Save.

Step 3 - Creating a new site-to-site connection

Go to Network > IPSec VPN > Rules and Settings > Policies > IPv4, and click + Add.

General

Security Policy

  • Policy Type - Site to Site

  • Authentication Method - IKE Using Preshared Secret

  • Name - Give the connection a name

  • IPsec Primary Gateway Name or Address - IP of your GoodAccess Gateway

IKE Authentication

  • Shared Secret / Confirm Shared Secret - Shared Secret (Step 1)

  • Local IKE ID - IPv4 Address + IP of your SonicWall

  • Peer IKE ID - IPv4 Address + IP of your GoodAccess Gateway

Network

Local Networks

  • Choose local network from list - Select the local network you want to access with GoodAccess

Remote Networks

  • Choose destination network from list - Select your Subnet address object

Proposals

Must match configuration from GoodAccess (Step 1).

IKE (Phase 1) Proposal

  • Exchange - IKEv2 Mode

  • DH Group - Group 14

  • Encryption - AES-256

  • Authentication - SHA256

  • Life Time (seconds) - IKE Lifetime (Phase 1)

IPSec (Phase 2) Proposal

  • Protocol - ESP

  • Encryption - AES-256

  • Authentication - SHA256

  • Enable Perfect Forward Secrecy

  • DH Group - Group 14

  • Life Time (seconds) - Tunnel Lifetime (Phase 2)

Advanced

  • Enable Keep Alive

Click Save.

You have now successfully connected your device to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

  • UDP 500

  • UDP 4500

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • SonicWall - Network > IPSec VPN > Rules & Settings > Active Tunnels
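
The Phase 1 and Phase 2 values entered in the GoodAccess branch form (Step 1) and in the SonicWall Proposals section (Step 3) have to agree, but the two interfaces spell them differently. The following Python example is added here and is not part of GoodAccess or SonicWall tooling; it normalises both spellings and lists any disagreement. The dictionary layout and the function names `canon` and `mismatches` are assumptions made for illustration, and the sample values are copied from this guide.

```python
import re

# Step 1 values, as written in the GoodAccess "Example of configuration" list.
GOODACCESS = {
    "p1": {"enc": "aes256", "integ": "sha256", "dh": "14 - modp2048", "life": "8 hours (28800 seconds)"},
    "p2": {"enc": "aes256", "integ": "sha256", "dh": "14 - modp2048", "life": "1 hour (3600 seconds)"},
}
# Step 3 values, as written in the SonicWall Proposals section (lifetimes are typed in seconds).
SONICWALL = {
    "p1": {"enc": "AES-256", "integ": "SHA256", "dh": "Group 14", "life": "28800"},
    "p2": {"enc": "AES-256", "integ": "SHA256", "dh": "Group 14", "life": "3600"},
}

def canon(field, value):
    """Reduce either interface's spelling of a value to one comparable form."""
    v = value.strip().lower()
    if field == "life":
        # Prefer an explicit "(N seconds)"; otherwise require a bare number of seconds.
        m = re.search(r"(\d+)\s*seconds", v) or re.fullmatch(r"(\d+)", v)
        if m is None:
            raise ValueError(f"cannot read lifetime from {value!r}")
        return int(m.group(1))
    if field == "dh":
        # Assumption: the first number is the group ("14 - modp2048", "Group 14").
        return int(re.search(r"\d+", v).group())
    # Ciphers and hashes: "AES-256" and "aes256" both become "aes256".
    return re.sub(r"[^a-z0-9]", "", v)

def mismatches(goodaccess, sonicwall):
    """Return (phase, field, goodaccess_value, sonicwall_value) for each disagreement."""
    found = []
    for phase in ("p1", "p2"):
        for field in ("enc", "integ", "dh", "life"):
            a, b = goodaccess[phase][field], sonicwall[phase][field]
            if canon(field, a) != canon(field, b):
                found.append((phase, field, a, b))
    return found

if __name__ == "__main__":
    problems = mismatches(GOODACCESS, SONICWALL)
    for phase, field, a, b in problems:
        print(f"{phase} {field}: GoodAccess={a!r} SonicWall={b!r}")
    print("proposals agree" if not problems else f"{len(problems)} mismatch(es)")
```
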
