SonicWall

This guide will show you how to connect your SonicWall device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

PreviousMikroTik NextUniFi USG

Last updated 2 months ago

Was this helpful?

SonicWall

This guide will show you how to connect your SonicWall device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration:

Cloud/Branch subnet - Subnet of your local network
Shared Secret - Create a new strong password
Public IP - IP of your SonicWall
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 14 - modp2048
Diffie-Hellman Groups (Phase 2) - 14 - modp2048

Step 2 - Creating new address objects

Log in to your SonicWall device, and go to Object > Match Objects > Addresses > Address Objects. Click + Add.

You have to create two objects - gateway and subnet.

Gateway

Name - Give the object a name
Zone Assignment - VPN
Type - Host
IP Address - IP of your GoodAccess Gateway

Click Save.

Subnet

Name - Give the object a name
Zone Assignment - VPN
Type - Network
Network - Subnet of your GoodAccess Gateway
Netmask / Prefix Length - Subnet Mask of your GoodAccess Gateway

Click Save.

Step 3 - Creating a new site-to-site connection

Go to Network > IPSec VPN > Rules and Settings > Policies > IPv4, and click + Add.

General

Security Policy

Policy Type - Site to Site
Authentication Method - IKE Using Preshared Secret
Name - Give the connection a name
IPsec Primary Gateway Name or Address - IP of your GoodAccess Gateway

IKE Authentication

Local IKE ID - IPv4 Address + IP of your SonicWall
Peer IKE ID - IPv4 Address + IP of your GoodAccess Gateway

Network

Local Networks

Choose local network from list - Select local network you want to access with GoodAccess

Remote Networks

Proposals

IKE (Phase 1) Proposal

Exchange - IKEv2 Mode
DH Group - Group 14
Encryption - AES-256
Authentication - SHA256
Life Time (seconds) - IKE Lifetime (Phase 1)

IPSec (Phase 2) Proposal

Protocol - ESP
Encryption - AES-256
Authentication - SHA256
Enable Perfect Forward Secrecy
DH Group - Group 14
Life Time (seconds) - Tunnel Lifetime (Phase 2)

Advanced

Enable Keep Alive

Click Save.

You have now successfully connected your device to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

UDP 500
UDP 4500

You may check the status of the connection in:

GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
SonicWall - Network > IPSec VPN > Rules & Settings > Active Tunnels

PreviousMikroTik NextUniFi USG

Last updated 2 months ago

Was this helpful?