CtrlK

GoodAccess Website Request Free Trial Download App

SonicWall

This guide will show you how to connect your SonicWall device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration:

Cloud/Branch subnet - Subnet of your local network
Shared Secret - Create a new strong password
Public IP - IP of your SonicWall
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 14 - modp2048
Diffie-Hellman Groups (Phase 2) - 14 - modp2048

Step 2 - Creating new address objects

Log in to your SonicWall device, and go to Object > Match Objects > Addresses > Address Objects. Click + Add.

You have to create two objects - gateway and subnet.

Router's graphical user interface (GUI) highlighting key steps to creating a new address object.

Gateway

Name - Give the object a name
Zone Assignment - VPN
Type - Host
IP Address - IP of your GoodAccess Gateway

Click Save.

Router's graphical user interface (GUI) highlighting key steps to configuring the Gateway address object.

Subnet

Name - Give the object a name
Zone Assignment - VPN
Type - Network
Network - Subnet of your GoodAccess Gateway
Netmask / Prefix Length - Subnet Mask of your GoodAccess Gateway

Click Save.

Router's graphical user interface (GUI) highlighting key steps to configuring the Subnet address object.

Step 3 - Creating a new site-to-site connection

Go to Network > IPSec VPN > Rules and Settings > Policies > IPv4, and click + Add.

Router's graphical user interface (GUI) highlighting key steps to creating a new site-to-site connection.

General

Security Policy

Policy Type - Site to Site
Authentication Method - IKE Using Preshared Secret
Name - Give the connection a name
IPsec Primary Gateway Name or Address - IP of your GoodAccess Gateway

IKE Authentication

Shared Secret / Confirm Shared Secret - Shared Secret (Step 1)
Local IKE ID - IPv4 Address + IP of your SonicWall
Peer IKE ID - IPv4 Address + IP of your GoodAccess Gateway

Router's graphical user interface (GUI) showing the configuration of the General section of a VPN policy.

Network

Local Networks

Choose local network from list - Select local network you want to access with GoodAccess

Remote Networks

Choose destination network from list - Select your Subnet address object

Router's graphical user interface (GUI) showing the configuration of the Network section of a VPN policy.

Proposals

Must match configuration from GoodAccess (Step 1).

IKE (Phase 1) Proposal

Exchange - IKEv2 Mode
DH Group - Group 14
Encryption - AES-256
Authentication - SHA256
Life Time (seconds) - IKE Lifetime (Phase 1)

IPSec (Phase 2) Proposal

Protocol - ESP
Encryption - AES-256
Authentication - SHA256
Enable Perfect Forward Secrecy
DH Group - Group 14
Life Time (seconds) - Tunnel Lifetime (Phase 2)

Router's graphical user interface (GUI) showing the configuration of the Proposals section of a VPN policy.

Advanced

Enable Keep Alive

Click Save.

Router's graphical user interface (GUI) showing the configuration of the Advanced section of a VPN policy.

You have now successfully connected your device to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

UDP 500
UDP 4500

You may check the status of the connection in:

GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
SonicWall - Network > IPSec VPN > Rules & Settings > Active Tunnels

PreviousMikroTik NextUniFi USG

Last updated 5 months ago

Was this helpful?