Main Menu
SonicWall
  • Products
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security
        Management
      • Secure SD-WAN
      • SonicProtect Subscription
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
      • Cloud Secure Edge
    • Managed XDR
      • Managed Security Services
      • Managed Detection and Response (MDR)
      • Cloud Detection & Response
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • SonicPlatform

      SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.

      Discover More
      • All Products A–Z
      Free Trials
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State Government
      • Local Government
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Widgets
      • Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Service Providers
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Technical Certification Training
    • Widgets
      • Content Widgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Cloud Secure Edge Docs
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Widgets
      • Content Widgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Image Widgets
  • Company
    • Company
      • Newsroom
      • Awards
      • Leadership
      • Press Kit
      • Careers
    • Promotions
      • SonicWall Promotions
      • Customer Loyalty Program
    • Managed Services
      • Managed Security Services
      • Security as a Service
      • Professional Services
  • Promotions
    • SonicWall Promotions
    • Customer Loyalty Program
  • Managed Services
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Us
  • English English English en
  • Partner Portal
  • Resources
  • Blog
  • Events
  • en
    • English
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • SonicPlatform

      SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.

      Discover More
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security
        Management
      • Secure SD-WAN
      • SonicProtect Subscription
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
      • Cloud Secure Edge
    • Managed XDR
      • Managed Security Services
      • Managed Detection and Response (MDR)
      • Cloud Detection & Response
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
  • Solutions
    • Federal

      Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      Learn More
      Federal

      Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      Learn More
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State Government
      • Local Government
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
  • Partners
    • Partner Portal

      Access to deal registration, MDF, sales and marketing tools, training and more

      Learn More
      Partner Portal

      Access to deal registration, MDF, sales and marketing tools, training and more

      Learn More
    • SonicWall Partners
      • Partners Overview
      • Service Providers
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Technical Certification Training
  • Support
    • Support Portal

      Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      Learn More
      Support Portal

      Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      Learn More
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Cloud Secure Edge Docs
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
  • Company
    • Company
      • Newsroom
      • Awards
      • Leadership
      • Press Kit
      • Careers
    • Promotions
      • SonicWall Promotions
      • Customer Loyalty Program
    • Managed Services
      • Managed Security Services
      • Security as a Service
      • Professional Services
  • Contact Us

How to Configure SD-WAN on VPN Numbered Tunnels from Cli

03/26/2020 31 People found this article helpful 481,460 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This Article details how to configure SD-WAN on VPN Numbered Tunnels from Cli

    Resolution

    1. Add VPN Policy 'VPN1'
    admin@C0EAE4B1F5B2> config
    config(C0EAE4B1F5B2)# vpn policy tunnel-interface VPN1
    (add-tunnel-interface[VPN1])# gateway primary 10.1.1.1
    (add-tunnel-interface[VPN1])# auth-method shared-secret
    (add-tunnel-interface[VPN1])# bound-to interface X1
    (add-tunnel-interface[VPN1])# proposal ike authentication sha-256
    (add-tunnel-interface[VPN1])# proposal ike dh-group 2
    (add-tunnel-interface[VPN1])# proposal ike encryption aes-128
    (add-tunnel-interface[VPN1])# proposal ike exchange ikev2
    (add-tunnel-interface[VPN1])# proposal ike lifetime 28800
    (add-tunnel-interface[VPN1])# proposal ipsec authentication sha-256
    (add-tunnel-interface[VPN1])# proposal ipsec encryption aes-128
    (add-tunnel-interface[VPN1])# proposal ipsec lifetime 28800
    (add-tunnel-interface[VPN1])# proposal ipsec protocol esp
    (auth-method-shared-secret[VPN1])# shared-secret S()nicw@ll
    (auth-method-shared-secret[VPN1])# exit
    (add-tunnel-interface[VPN1])# commit
    (edit-tunnel-interface[VPN1])# exit
    config(C0EAE4B1F5B2)#

     

    2. Add VPN Policy 'VPN2'
    config(C0EAE4B1F5B2)# vpn policy tunnel-interface VPN2
    (add-tunnel-interface[VPN2])# gateway primary 20.1.1.1
    (add-tunnel-interface[VPN2])# auth-method shared-secret
    (add-tunnel-interface[VPN2])# bound-to interface X2
    (add-tunnel-interface[VPN2])# proposal ike authentication sha-256
    (add-tunnel-interface[VPN2])# proposal ike dh-group 2
    (add-tunnel-interface[VPN2])# proposal ike encryption aes-128
    (add-tunnel-interface[VPN2])# proposal ike exchange ikev2
    (add-tunnel-interface[VPN2])# proposal ike lifetime 28800
    (add-tunnel-interface[VPN2])# proposal ipsec authentication sha-256
    (add-tunnel-interface[VPN2])# proposal ipsec encryption aes-128
    (add-tunnel-interface[VPN2])# proposal ipsec lifetime 28800
    (add-tunnel-interface[VPN2])# proposal ipsec protocol esp
    (auth-method-shared-secret[VPN2])# shared-secret S()nicw@ll
    (auth-method-shared-secret[VPN2])# exit
    (add-tunnel-interface[VPN2])# commit
    (edit-tunnel-interface[VPN2])# exit
    config(C0EAE4B1F5B2)#

     

    3. Add Numbered Tunnel Interface 'TI_1'
    config(C0EAE4B1F5B2)# tunnel-interface vpn TI_1
    (add-interface[TI_1])# policy VPN1
    (add-interface[TI_1])# ip-assignment VPN static
    (add-VPN-static)# ip 1.1.1.1 netmask 255.255.255.252
    (add-VPN-static)# commit
    (edit-VPN-static)# exit
    (edit-interface[TI_1])# exit
    config(C0EAE4B1F5B2)#

     

    4. Add Numbered Tunnel Interface 'TI_2'
    config(C0EAE4B1F5B2)# tunnel-interface vpn TI_2
    (add-interface[TI_2])# policy VPN2
    (add-interface[TI_2])# ip-assignment VPN static
    (add-VPN-static)# ip 2.2.2.1 netmask 255.255.255.252
    (add-VPN-static)# commit
    (edit-VPN-static)# exit
    (edit-interface[TI_2])# exit
    config(C0EAE4B1F5B2)#

     

    5. Configure SD-WAN Group 'Tunnel_Interface_Grp' and add Tunnel Interface 'TI_1', 'TI_2'.
    config(C0EAE4B1F5B2)# sdwan
    (config-sdwan)# group Tunnel_Interface_Grp
    (add-group[Tunnel_Interface_Grp])# interface
    (add-group[Tunnel_Interface_Grp])# interface TI_1
    (add-group-member[TI_1])# priority 1
    (add-group-member[TI_1])# exit
    (add-group[Tunnel_Interface_Grp])# interface TI_2
    (add-group-member[TI_2])# priority 2
    (add-group-member[TI_2])# exit
    (add-group[Tunnel_Interface_Grp])# commit
    (edit-group[Tunnel_Interface_Grp])# exit
    (config-sdwan)#

     

    6. Add Performance Class Object 'Latency_Jitter 10ms'
    (config-sdwan)# performance-class-object Latency_Jitter 10ms
    (add-sdwan-performance-class-object[Latency_Jitter 10ms])# jitter 10
    (add-sdwan-performance-class-object[Latency_Jitter 10ms])# latency 10
    (add-sdwan-performance-class-object[Latency_Jitter 10ms])# packet-loss 0
    (add-sdwan-performance-class-object[Latency_Jitter 10ms])# commit
    (edit-sdwan-performance-class-object[Latency_Jitter 10ms])# exit
    (config-sdwan)#

     

    7. Add Path Selection Profile 'PSP_Citrix'
    (config-sdwan)# path-selection-profile PSP_Citrix
    (add-sdwan-path-selection-profile[PSP_Citrix])# performance-class Latency_Jitter 10ms
    (add-sdwan-path-selection-profile[PSP_Citrix])# performance-probe VPN\ Probe\ -\ Tunnel_Interface_Grp
    (add-sdwan-path-selection-profile[PSP_Citrix])# sdwan-group Tunnel_Interface_Grp
    (add-sdwan-path-selection-profile[PSP_Citrix])# commit
    (edit-sdwan-path-selection-profile[PSP_Citrix])# exit
    (config-sdwan)# exit

     

    8. Add SD-WAN Route
    config(C0EAE4B1F5B2)# route-policy interface Tunnel_Interface_Grp metric 1 source ANY destination ANY service group Citrix path-selection-profile PSP_Citrix
    (add-route-policy)# commit
    (edit-route-policy)# exit

    Related Articles

    • How to Block Google QUIC Protocol on SonicOSX 7.0?
    • How to block certain Keywords on SonicOSX 7.0?
    • How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation

    Categories

    • Firewalls > NSa Series > SD-WAN
    • Firewalls > SonicWall NSA Series > SD-WAN

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    • Hidden

    Article Not Helpful Form

    • Hidden
    Follow Us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2024 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs
    Subscribe to newsletter

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • Hidden
    • This field is for validation purposes and should be left unchanged.
    Scroll to top