# SonicWall

## Step 1 - Creating a new branch connection

[Log in to the GoodAccess **Control Panel**, and go to **Network** > **Clouds & Branches**.](https://app.goodaccess.com/branches/)

Click **+ Add new**, enter a **Name** (e.g., Prague Office), select the required **Gateway**, and define your local **Subnets** (using CIDR notation).

Choose **IPSec** as the **Protocol**, and click **Continue**.

Fill out the configuration form (Public IP, Pre-Shared Key, etc.). These parameters must match the configuration you will set on your device in the next steps.

Click **Submit** to finish, or **Continue** to define optional **Branch Segments** for finer access control.

{% hint style="info" %}
You may return to the configuration via the **Edit** button of your Branch at any time.
{% endhint %}

{% hint style="info" %}
**Example of configuration:**

* **Shared Secret** - Create a new strong password
* **Public IP** - IP of your SonicWall
* **IKE Lifetime (Phase 1)** - 8 hours (28800 seconds)
* **Tunnel Lifetime (Phase 2)** - 1 hour (3600 seconds)
* **Dead Peer Detection Delay** - 30 seconds
* **Encryption (Phase 1)** - aes256
* **Encryption (Phase 2)** - aes256
* **Integrity (Phase 1)** - sha256
* **Integrity (Phase 2)** - sha256
* **Diffie-Hellman Groups (Phase 1)** - 14 - modp2048
* **Diffie-Hellman Groups (Phase 2)** - 14 - modp2048
{% endhint %}

## Step 2 - Creating new address objects

Log in to your SonicWall device, and go to **Object** > **Match Objects** > **Addresses** > **Address Objects**. Click **+ Add**.

{% hint style="info" %}
You have to create **two** objects - **gateway** and **subnet**.
{% endhint %}

<figure><img src="/files/icCFac6JUW1itVisXJg2" alt="Router&#x27;s graphical user interface (GUI) highlighting key steps to creating a new address object."><figcaption><p>Creating a new address object</p></figcaption></figure>

### Gateway

* **Name** - Give the object a name
* **Zone Assignment** - VPN
* **Type** - Host
* **IP Address** - IP of your GoodAccess Gateway

Click **Save**.

<figure><img src="/files/hlSwtjxk8z4HpxVKYzD2" alt="Router&#x27;s graphical user interface (GUI) highlighting key steps to configuring the Gateway address object."><figcaption><p>Setting up the Gateway address object</p></figcaption></figure>

### Subnet

* **Name** - Give the object a name
* **Zone Assignment** - VPN
* **Type** - Network
* **Network** - Subnet of your GoodAccess Gateway
* **Netmask / Prefix Length** - Subnet Mask of your GoodAccess Gateway

Click **Save**.

<figure><img src="/files/z0ApJvoYjwUayLKjg0XN" alt="Router&#x27;s graphical user interface (GUI) highlighting key steps to configuring the Subnet address object."><figcaption><p>Setting up the Subnet address object</p></figcaption></figure>

## Step 3 - Creating a new site-to-site connection

Go to **Network** > **IPSec VPN** > **Rules and Settings** > **Policies** > **IPv4**, and click **+ Add**.

<figure><img src="/files/zvbsSX01ikr8XpY2QqHJ" alt="Router&#x27;s graphical user interface (GUI) highlighting key steps to creating a new site-to-site connection."><figcaption><p>Creating a new site-to-site connection</p></figcaption></figure>

### General

#### Security Policy

* **Policy Type** - Site to Site
* **Authentication Method** - IKE Using Preshared Secret
* **Name** - Give the connection a name
* **IPsec Primary Gateway Name or Address** - IP of your GoodAccess Gateway

#### IKE Authentication

* **Shared Secret / Confirm Shared Secret** - Shared Secret [(Step 1)](#step-1-creating-a-new-branch-connection)
* **Local IKE ID** - IPv4 Address + IP of your SonicWall
* **Peer IKE ID** - IPv4 Address + IP of your GoodAccess Gateway

<figure><img src="/files/yeav2bMQfaBUT9HPLKKb" alt="Router&#x27;s graphical user interface (GUI) showing the configuration of the General section of a VPN policy."><figcaption><p>Setting up the General section</p></figcaption></figure>

### Network

#### Local Networks

* **Choose local network from list** - Select the local network you want to access with GoodAccess

#### Remote Networks

* **Choose destination network from list** - Select your [Subnet address object](#subnet)

<figure><img src="/files/kKqXe2UcGnsnKFBS7m0h" alt="Router&#x27;s graphical user interface (GUI) showing the configuration of the Network section of a VPN policy."><figcaption><p>Setting up the Network section</p></figcaption></figure>

### Proposals

{% hint style="info" %}
These settings must match the configuration from GoodAccess [(Step 1)](#step-1-creating-a-new-branch-connection).
{% endhint %}

#### IKE (Phase 1) Proposal

* **Exchange** - IKEv2 Mode
* **DH Group** - Group 14
* **Encryption** - AES-256
* **Authentication** - SHA256
* **Life Time (seconds)** - IKE Lifetime (Phase 1)

#### IPSec (Phase 2) Proposal

* **Protocol** - ESP
* **Encryption** - AES-256
* **Authentication** - SHA256
* **Enable Perfect Forward Secrecy**
* **DH Group** - Group 14
* **Life Time (seconds)** - Tunnel Lifetime (Phase 2)

<figure><img src="/files/Gd1znDzzxSn3el0BEF58" alt="Router&#x27;s graphical user interface (GUI) showing the configuration of the Proposals section of a VPN policy."><figcaption><p>Setting up the Proposals section</p></figcaption></figure>
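Because the two interfaces spell the same settings differently (`aes256` vs. AES-256, `14 - modp2048` vs. Group 14, hours vs. seconds), a quick pre-flight comparison catches transcription slips before you save the policy. The following is an added example, not GoodAccess or SonicWall code; the dictionary keys are hypothetical labels and the values are typed in by hand from each UI.

```python
import re

# Values as shown in the GoodAccess branch form (Step 1 example). Key names are
# hypothetical labels for this check, not fields of any GoodAccess or SonicWall API.
GOODACCESS = {
    "p1_encryption": "aes256", "p1_integrity": "sha256",
    "p1_dh": "14 - modp2048", "p1_lifetime": "8 hours",
    "p2_encryption": "aes256", "p2_integrity": "sha256",
    "p2_dh": "14 - modp2048", "p2_lifetime": "1 hour",
}
# Constructed sample of what was typed into the SonicWall Proposals tab,
# with one deliberate slip: the Phase 2 lifetime reuses the Phase 1 value.
SONICWALL = {
    "p1_encryption": "AES-256", "p1_integrity": "SHA256",
    "p1_dh": "Group 14", "p1_lifetime": "28800",
    "p2_encryption": "AES-256", "p2_integrity": "SHA256",
    "p2_dh": "Group 14", "p2_lifetime": "28800",
}
_UNIT_SECONDS = {"hour": 3600, "minute": 60, "second": 1}

def normalize(field, value):
    """Reduce either vendor's spelling of a setting to a comparable value."""
    v = value.strip().lower()
    if field.endswith("_lifetime"):  # "8 hours", "3600 seconds", "28800"
        m = re.fullmatch(r"(\d+)\s*(hour|minute|second)?s?", v)
        if not m:
            raise ValueError(f"unparseable lifetime: {value!r}")
        return int(m.group(1)) * _UNIT_SECONDS[m.group(2) or "second"]
    if field.endswith("_dh"):  # "14 - modp2048" and "Group 14" -> 14
        m = re.search(r"\d+", v)
        if not m:
            raise ValueError(f"no DH group number in {value!r}")
        return int(m.group())
    return re.sub(r"[^a-z0-9]", "", v)  # "AES-256" -> "aes256"

def mismatches(goodaccess, sonicwall):
    """Return (field, goodaccess_value, sonicwall_value) for every difference."""
    diffs = []
    for field in sorted(goodaccess.keys() | sonicwall.keys()):
        a, b = goodaccess.get(field), sonicwall.get(field)
        if a is None or b is None or normalize(field, a) != normalize(field, b):
            diffs.append((field, a, b))
    return diffs

if __name__ == "__main__":
    for field, a, b in mismatches(GOODACCESS, SONICWALL):
        print(f"MISMATCH {field}: GoodAccess={a!r} SonicWall={b!r}")
```
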

### Advanced

* **Enable Keep Alive**

Click **Save**.

<figure><img src="/files/ncbjPQYQwEQPzFKD58k5" alt="Router&#x27;s graphical user interface (GUI) showing the configuration of the Advanced section of a VPN policy."><figcaption><p>Setting up the Advanced section</p></figcaption></figure>

You have now successfully connected your device to GoodAccess.

{% hint style="warning" %}
**Firewall rules**

Make sure that your device allows incoming connections from your **GoodAccess Gateway private subnet** on the following ports:

* **UDP 500**
* **UDP 4500**
{% endhint %}

{% hint style="info" %}
**You may check the status of the connection in:**

* **GoodAccess:** Go to **Control Panel > Network > Clouds & Branches** to view the tunnel status. Use the **Test Connection** button to validate the IPsec tunnel itself, or optionally to test a specific system (target must have ICMP enabled).
* **SonicWall:** Go to **Network > IPSec VPN > Rules & Settings > Active Tunnels**.
{% endhint %}

