search
GoodAccess WebsiteRequest Free TrialDownload App

SonicWall

This guide will show you how to connect your SonicWall device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

hashtag
Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.arrow-up-right

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

circle-info

You may return to the configuration via the Edit button of your Branch at any time.

circle-info

Example of configuration:

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your SonicWall

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 14 - modp2048

  • Diffie-Hellman Groups (Phase 2) - 14 - modp2048

hashtag
Step 2 - Creating new address objects

Log in to your SonicWall device, and go to Object > Match Objects > Addresses > Address Objects. Click + Add.

circle-info

You have to create two objects - gateway and subnet.

Router's graphical user interface (GUI) highlighting key steps to creating a new address object.
Creating a new address object

hashtag
Gateway

  • Name - Give the object a name

  • Zone Assignment - VPN

  • Type - Host

  • IP Address - IP of your GoodAccess Gateway

Click Save.

Router's graphical user interface (GUI) highlighting key steps to configuring the Gateway address object.
Setting up the Gateway address object

hashtag
Subnet

  • Name - Give the object a name

  • Zone Assignment - VPN

  • Type - Network

  • Network - Subnet of your GoodAccess Gateway

  • Netmask / Prefix Length - Subnet Mask of your GoodAccess Gateway

Click Save.

Router's graphical user interface (GUI) highlighting key steps to configuring the Subnet address object.
Setting up the Subnet address object

hashtag
Step 3 - Creating a new site-to-site connection

Go to Network > IPSec VPN > Rules and Settings > Policies > IPv4, and click + Add.

Router's graphical user interface (GUI) highlighting key steps to creating a new site-to-site connection.
Creating a new site-to-site connection

hashtag
General

hashtag
Security Policy

  • Policy Type - Site to Site

  • Authentication Method - IKE Using Preshared Secret

  • Name - Give the connection a name

  • IPsec Primary Gateway Name or Address - IP of your GoodAccess Gateway

hashtag
IKE Authentication

  • Shared Secret / Confirm Shared Secret - Shared Secret (Step 1)

  • Local IKE ID - IPv4 Address + IP of your SonicWall

  • Peer IKE ID - IPv4 Address + IP of your GoodAccess Gateway

Router's graphical user interface (GUI) showing the configuration of the General section of a VPN policy.
Setting up the General section

hashtag
Network

hashtag
Local Networks

  • Choose local network from list - Select local network you want to access with GoodAccess

hashtag
Remote Networks

Router's graphical user interface (GUI) showing the configuration of the Network section of a VPN policy.
Setting up the Network section

hashtag
Proposals

circle-info

Must match configuration from GoodAccess (Step 1).

hashtag
IKE (Phase 1) Proposal

  • Exchange - IKEv2 Mode

  • DH Group - Group 14

  • Encryption - AES-256

  • Authentication - SHA256

  • Life Time (seconds) - IKE Lifetime (Phase 1)

hashtag
IPSec (Phase 2) Proposal

  • Protocol - ESP

  • Encryption - AES-256

  • Authentication - SHA256

  • Enable Perfect Forward Secrecy

  • DH Group - Group 14

  • Life Time (seconds) - Tunnel Lifetime (Phase 2)

Router's graphical user interface (GUI) showing the configuration of the Proposals section of a VPN policy.
Setting up the Proposals section

hashtag
Advanced

  • Enable Keep Alive

Click Save.

Router's graphical user interface (GUI) showing the configuration of the Advanced section of a VPN policy.
Setting up the Advanced section

You have now successfully connected your device to GoodAccess.

circle-exclamation

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

  • UDP 500

  • UDP 4500

circle-info

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • SonicWall - Network > IPSec VPN > Rules & Settings > Active Tunnels

PreviousMikroTikNextUniFi USG

Last updated

Was this helpful?