SonicWall

This guide will show you how to connect your SonicWall device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter a Name (e.g., Prague Office), select the required Gateway, and define your local Subnets (using CIDR notation).

Choose IPSec Protocol, and click Continue.

Fill out the configuration form (Public IP, Pre-Shared Key, etc.). These parameters must match the configuration you will set on your device in the next steps.

Click Submit to finish, or Continue to define optional Branch Segments for finer access control.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration:

  • Shared Secret - Create a new strong password

  • Public IP - IP of your SonicWall

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 14 - modp2048

  • Diffie-Hellman Groups (Phase 2) - 14 - modp2048

Step 2 - Creating new address objects

Log in to your SonicWall device, and go to Object > Match Objects > Addresses > Address Objects. Click + Add.

You have to create two objects - gateway and subnet.

Figure: Creating a new address object

Gateway

  • Name - Give the object a name

  • Zone Assignment - VPN

  • Type - Host

  • IP Address - IP of your GoodAccess Gateway

Click Save.

Figure: Setting up the Gateway address object

Subnet

  • Name - Give the object a name

  • Zone Assignment - VPN

  • Type - Network

  • Network - Subnet of your GoodAccess Gateway

  • Netmask / Prefix Length - Subnet Mask of your GoodAccess Gateway

Click Save.

Figure: Setting up the Subnet address object

Step 3 - Creating a new site-to-site connection

Go to Network > IPSec VPN > Rules and Settings > Policies > IPv4, and click + Add.

Figure: Creating a new site-to-site connection

General

Security Policy

  • Policy Type - Site to Site

  • Authentication Method - IKE Using Preshared Secret

  • Name - Give the connection a name

  • IPsec Primary Gateway Name or Address - IP of your GoodAccess Gateway

IKE Authentication

  • Shared Secret / Confirm Shared Secret - Shared Secret (Step 1)

  • Local IKE ID - IPv4 Address + IP of your SonicWall

  • Peer IKE ID - IPv4 Address + IP of your GoodAccess Gateway

Figure: Setting up the General section

Network

Local Networks

  • Choose local network from list - Select the local network you want to access with GoodAccess

Remote Networks

Figure: Setting up the Network section

Proposals

These values must match the configuration from GoodAccess (Step 1).

IKE (Phase 1) Proposal

  • Exchange - IKEv2 Mode

  • DH Group - Group 14

  • Encryption - AES-256

  • Authentication - SHA256

  • Life Time (seconds) - IKE Lifetime (Phase 1)

IPSec (Phase 2) Proposal

  • Protocol - ESP

  • Encryption - AES-256

  • Authentication - SHA256

  • Enable Perfect Forward Secrecy

  • DH Group - Group 14

  • Life Time (seconds) - Tunnel Lifetime (Phase 2)

Figure: Setting up the Proposals section

Advanced

  • Enable Keep Alive

Click Save.

Figure: Setting up the Advanced section

You have now successfully connected your device to GoodAccess.

You may check the status of the connection in:

  • GoodAccess: Go to Control Panel > Network > Clouds & Branches to view the tunnel status. Use the Test Connection button to validate the IPsec tunnel itself, or optionally to test a specific system (target must have ICMP enabled).

  • SonicWall: Go to Network > IPSec VPN > Rules & Settings > Active Tunnels.
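
A pre-check for the "must match" requirement between Step 1 and Step 3, added here as an example (it is not GoodAccess or SonicWall code): it normalizes the two notations used in this guide (aes256 vs AES-256, 14 - modp2048 vs Group 14) and lists every field that differs. The dictionary keys are assumed names, and the SonicWall sample is constructed with a deliberately wrong Phase 2 lifetime.

```python
import re

# GoodAccess-side values, spelled as in the Step 1 example of this guide.
GOODACCESS = {
    "ike_lifetime": "28800", "tunnel_lifetime": "3600",
    "p1_encryption": "aes256", "p2_encryption": "aes256",
    "p1_integrity": "sha256", "p2_integrity": "sha256",
    "p1_dh_group": "14 - modp2048", "p2_dh_group": "14 - modp2048",
}

# SonicWall-side values, spelled as in Step 3 (constructed sample: the
# Phase 2 lifetime is wrong on purpose so the check has something to report).
SONICWALL = {
    "ike_lifetime": "28800", "tunnel_lifetime": "28800",
    "p1_encryption": "AES-256", "p2_encryption": "AES-256",
    "p1_integrity": "SHA256", "p2_integrity": "SHA256",
    "p1_dh_group": "Group 14", "p2_dh_group": "Group 14",
}

def normalize(field, value):
    """Reduce either side's spelling of a value to one canonical token."""
    v = str(value).strip().lower()
    if field.endswith("dh_group"):
        m = re.match(r"(?:group\s*)?(\d+)\b", v)  # "14 - modp2048", "group 14" -> "14"
        if not m:
            raise ValueError(f"{field}: no DH group number in {value!r}")
        return m.group(1)
    if field.endswith("lifetime"):
        return str(int(v))                        # lifetimes are compared in seconds
    return re.sub(r"[^a-z0-9]", "", v)            # "AES-256" -> "aes256"

def mismatches(side_a, side_b):
    """Return {field: (a_value, b_value)} for fields that differ or are missing."""
    out = {}
    for field in sorted(set(side_a) | set(side_b)):
        a, b = side_a.get(field), side_b.get(field)
        if a is None or b is None or normalize(field, a) != normalize(field, b):
            out[field] = (a, b)
    return out

if __name__ == "__main__":
    for field, (ga, sw) in mismatches(GOODACCESS, SONICWALL).items():
        print(f"MISMATCH {field}: GoodAccess={ga!r} SonicWall={sw!r}")
```

Replace the two dictionaries with the values you actually entered on each side; an empty result means the proposals agree.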
