SonicWall

This guide will show you how to connect your SonicWall device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration:

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your SonicWall

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 14 - modp2048

  • Diffie-Hellman Groups (Phase 2) - 14 - modp2048

Step 2 - Creating new address objects

Log in to your SonicWall device, and go to Object > Match Objects > Addresses > Address Objects. Click + Add.

You have to create two objects - gateway and subnet.

Router's graphical user interface (GUI) highlighting key steps to creating a new address object.
Creating a new address object

Gateway

  • Name - Give the object a name

  • Zone Assignment - VPN

  • Type - Host

  • IP Address - IP of your GoodAccess Gateway

Click Save.

Router's graphical user interface (GUI) highlighting key steps to configuring the Gateway address object.
Setting up the Gateway address object

Subnet

  • Name - Give the object a name

  • Zone Assignment - VPN

  • Type - Network

  • Network - Subnet of your GoodAccess Gateway

  • Netmask / Prefix Length - Subnet Mask of your GoodAccess Gateway

Click Save.

Router's graphical user interface (GUI) highlighting key steps to configuring the Subnet address object.
Setting up the Subnet address object

Step 3 - Creating a new site-to-site connection

Go to Network > IPSec VPN > Rules and Settings > Policies > IPv4, and click + Add.

Router's graphical user interface (GUI) highlighting key steps to creating a new site-to-site connection.
Creating a new site-to-site connection

General

Security Policy

  • Policy Type - Site to Site

  • Authentication Method - IKE Using Preshared Secret

  • Name - Give the connection a name

  • IPsec Primary Gateway Name or Address - IP of your GoodAccess Gateway

IKE Authentication

  • Shared Secret / Confirm Shared Secret - Shared Secret (Step 1)

  • Local IKE ID - IPv4 Address + IP of your SonicWall

  • Peer IKE ID - IPv4 Address + IP of your GoodAccess Gateway

Router's graphical user interface (GUI) showing the configuration of the General section of a VPN policy.
Setting up the General section

Network

Local Networks

  • Choose local network from list - Select local network you want to access with GoodAccess

Remote Networks

Router's graphical user interface (GUI) showing the configuration of the Network section of a VPN policy.
Setting up the Network section

Proposals

Must match configuration from GoodAccess (Step 1).

IKE (Phase 1) Proposal

  • Exchange - IKEv2 Mode

  • DH Group - Group 14

  • Encryption - AES-256

  • Authentication - SHA256

  • Life Time (seconds) - IKE Lifetime (Phase 1)

IPSec (Phase 2) Proposal

  • Protocol - ESP

  • Encryption - AES-256

  • Authentication - SHA256

  • Enable Perfect Forward Secrecy

  • DH Group - Group 14

  • Life Time (seconds) - Tunnel Lifetime (Phase 2)

Router's graphical user interface (GUI) showing the configuration of the Proposals section of a VPN policy.
Setting up the Proposals section

Advanced

  • Enable Keep Alive

Click Save.

Router's graphical user interface (GUI) showing the configuration of the Advanced section of a VPN policy.
Setting up the Advanced section

You have now successfully connected your device to GoodAccess.

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • SonicWall - Network > IPSec VPN > Rules & Settings > Active Tunnels

Last updated

Was this helpful?