SonicWall
This guide will show you how to connect your SonicWall device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.
Step 1 - Creating a new branch connection
Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.
Click + Add new, enter the Branch name and subnet, and select Gateway.
Choose IPSec Protocol, fill out the Settings configuration form, and click Save.
You may return to the configuration via the Edit button of your Branch at any time.
Example of configuration:
Cloud/Branch subnet - Subnet of your local network
Shared Secret - Create a new strong password
Public IP - IP of your SonicWall
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 14 - modp2048
Diffie-Hellman Groups (Phase 2) - 14 - modp2048
Step 2 - Creating new address objects
Log in to your SonicWall device, and go to Object > Match Objects > Addresses > Address Objects. Click + Add.
You have to create two objects - gateway and subnet.
Gateway
Name - Give the object a name
Zone Assignment - VPN
Type - Host
IP Address - IP of your GoodAccess Gateway
Click Save.
Subnet
Name - Give the object a name
Zone Assignment - VPN
Type - Network
Network - Subnet of your GoodAccess Gateway
Netmask / Prefix Length - Subnet Mask of your GoodAccess Gateway
Click Save.
Step 3 - Creating a new site-to-site connection
Go to Network > IPSec VPN > Rules and Settings > Policies > IPv4, and click + Add.
General
Security Policy
Policy Type - Site to Site
Authentication Method - IKE Using Preshared Secret
Name - Give the connection a name
IPsec Primary Gateway Name or Address - IP of your GoodAccess Gateway
IKE Authentication
Shared Secret / Confirm Shared Secret - Shared Secret (Step 1)
Local IKE ID - IPv4 Address + IP of your SonicWall
Peer IKE ID - IPv4 Address + IP of your GoodAccess Gateway
Network
Local Networks
Choose local network from list - Select the local network you want to access with GoodAccess
Remote Networks
Choose destination network from list - Select your Subnet address object
Proposals
Must match configuration from GoodAccess (Step 1).
IKE (Phase 1) Proposal
Exchange - IKEv2 Mode
DH Group - Group 14
Encryption - AES-256
Authentication - SHA256
Life Time (seconds) - IKE Lifetime (Phase 1)
IPSec (Phase 2) Proposal
Protocol - ESP
Encryption - AES-256
Authentication - SHA256
Enable Perfect Forward Secrecy
DH Group - Group 14
Life Time (seconds) - Tunnel Lifetime (Phase 2)
Advanced
Enable Keep Alive
Click Save.
You have now successfully connected your device to GoodAccess.
You may check the status of the connection in:
GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
SonicWall - Network > IPSec VPN > Rules & Settings > Active Tunnels
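The Proposals tab in Step 3 must match the GoodAccess form from Step 1, but the two interfaces write the same values differently (aes256 vs AES-256, 14 - modp2048 vs Group 14, 8 hours vs a seconds field). The following check is an added example, not part of the original guide or of either product; the dictionary keys (p1_encryption, p2_dh, and so on) are hypothetical names chosen here, and the values are the ones listed in this guide.

```python
import re

# Values as this guide writes them: Step 1 (GoodAccess) and Step 3 (SonicWall).
# The key names are hypothetical labels, not fields of either product.
GOODACCESS = {
    "p1_encryption": "aes256", "p2_encryption": "aes256",
    "p1_integrity": "sha256", "p2_integrity": "sha256",
    "p1_dh": "14 - modp2048", "p2_dh": "14 - modp2048",
    "p1_lifetime": "8 hours (28800 seconds)",
    "p2_lifetime": "1 hour (3600 seconds)",
}
SONICWALL = {
    "p1_encryption": "AES-256", "p2_encryption": "AES-256",
    "p1_integrity": "SHA256", "p2_integrity": "SHA256",
    "p1_dh": "Group 14", "p2_dh": "Group 14",
    "p1_lifetime": "28800", "p2_lifetime": "3600",
}

def normalize(field, value):
    """Reduce either side's spelling to one comparable value."""
    v = value.strip().lower()
    if field.endswith("_dh"):
        # "14 - modp2048" and "group 14" both start with the group number.
        m = re.match(r"(?:group\s*)?(\d+)\b", v)
        if not m:
            raise ValueError(f"unrecognised DH group: {value!r}")
        return int(m.group(1))
    if field.endswith("_lifetime"):
        # Prefer an explicit seconds figure, else a bare number of seconds.
        m = re.search(r"(\d+)\s*seconds", v) or re.fullmatch(r"(\d+)", v)
        if not m:
            raise ValueError(f"unrecognised lifetime: {value!r}")
        return int(m.group(1))
    return re.sub(r"[^a-z0-9]", "", v)  # "AES-256" -> "aes256"

def mismatches(goodaccess, sonicwall):
    """Return (field, goodaccess_value, sonicwall_value) for each difference."""
    out = []
    for field in sorted(set(goodaccess) | set(sonicwall)):
        if field not in goodaccess or field not in sonicwall:
            out.append((field, goodaccess.get(field), sonicwall.get(field)))
            continue
        a = normalize(field, goodaccess[field])
        b = normalize(field, sonicwall[field])
        if a != b:
            out.append((field, a, b))
    return out

if __name__ == "__main__":
    for field, ga, sw in mismatches(GOODACCESS, SONICWALL):
        print(f"MISMATCH {field}: GoodAccess={ga} SonicWall={sw}")
```

Replace the dictionary values with what you actually entered on each side; an empty result means the two proposals agree.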
Step 4 - Creating new access rules
Go to Policy > Rules & Policies > Access Rules, and click + Add.
You have to create two access rules - VPN to WAN and VPN to LAN.
VPN to WAN
Name - Give the rule a name
Action - Allow
Type - IPv4
Enable
Source
Zone/Interface - VPN
Address - Select your Gateway address object
Destination
Zone/Interface - WAN
Click Add.
VPN to LAN
Name - Give the rule a name
Action - Allow
Type - IPv4
Enable
Source
Zone/Interface - VPN
Address - Select your Subnet address object
Destination
Zone/Interface - LAN
Click Add.