• Cloud Edge Secure Access
• Welcome to SonicWall Cloud Edge!
• Prerequisites
• Installation
  • Accessing the Client Management Console
  • Installation Methods
• Networks
  • Understanding Networks
  • SDP Networks
  • Regions and Gateways
    • Adding a region
    • Adding a gateway
  • Connecting Infrastructure
    • Prerequisites
    • Site-to-Site Connections
    • IPsec Tunnel
    • WireGuard Connector
    • Connect On-Prem Resources
      • Firewalls
        • SonicWall
    • Connect Cloud Resources
      • Amazon AWS
        • AWS Virtual Gateway
        • AWS Transit Gateway
      • Alibaba Cloud
      • Microsoft Azure
      • Google Cloud Platform
      • Heroku Enterprise
      • IBM Cloud
      • Docker
• Groups and Members
  • Members
    • Inviting Members
    • Password Requirements
    • Managing Roles
  • Groups
    • Managing Groups
    • Identity Provider Groups
  • Identity Providers (IdP)
    • Integrate Identity Providers
    • Azure AD
      • Azure Active Directory (SAML 2.0)
      • Azure Active Directory
    • Google Suite
      • Google Services
      • Google Apps (SAML 2.0)
    • On-Premises Active Directory
    • SAML 2.0
      • Generic SAML
      • Active Directory Federation Services (ADFS)
      • Auth0
      • Okta
      • OneLogin
      • PingIdentity
      • JumpCloud
• Securing the Platform
  • Securing Networks
    • Segmenting Networks
    • Device Posture Check
    • Network Traffic Control
    • Firewall-as-a-Service
  • Securing User Access
    • Multi-Factor Authentication
      • MFA Authentication
      • DUO Security
    • Agent-less Access
      • Zero Trust Application
        • HTTP/HTTPS
        • RDP (Remote Desktop Protocol)
        • SSH (Secure Shell)
        • VNC (Virtual Network Computing)
      • Zero Trust Policies and Rules
    • Agent-based Access
      • SonicWall Agents
        • Downloading and Installation
      • Agents Configuration
        • User-Groups Policies
        • Managing Configurations
        • General Configurations
        • Network Configuration
        • OS-Specific Configurations
• Monitoring
  • Activity Tracking
    • Activities and Logs
    • Member Devices
  • Monitoring Dashboard
  • Integrations
    • Amazon S3
    • Azure Sentinel
    • Splunk Cloud
• Compliance
  • HIPAA
  • GDPR
  • SOC 2 Type 2
• SonicWall Support
  • About This Document

Prerequisites

The SonicWall CloudEdge SASE Network offers several different ways to connect your cloud/on-premise infrastructure. While our solution is hardware-free, there are some minimal requirements for a successful Site-to-Site connection which will be covered in the following article:

• Internal network compliant subnet
• IPSec tunneling supporting router

• Wireguard Tunneling using a Linux Server that is free to host the connection (it can be a Virtual Machine)

Internal Network Subnet

The SonicWall CloudEdge SASE network is designed according to internationally acknowledged standards and follows the RFC conventions regulated by the American internet authorities. In order to successfully incorporate SonicWall CloudEdge in your architecture please make sure that:

1. Your internal network follows industry-accepted design patterns.
2. VPCs or DC with overlapping subnets does not reside in the same network.
3. Your SonicWall CloudEdge network subnet does not overlap with your network subnet.
4. All subnet masks are either class B or C (HIGHLY RECOMMENDED).
5. Your internal network has a static public IP (RECOMMENDED).

192.162.1.0/24, 192.168.0.0/24 and 10.0.0.0/24 are the most commonly used subnet for IoT applications. If you plan to connect a site with this CIDR, you could be experiencing an IP conflict with users trying to reach this from home.

You may want to change it to anything else (for example 192.168.81.0/24 or 10.81.0.0/24) prior to connecting a site to your SonicWall CloudEdge network.

A Site-to-Site connection between your SonicWall CloudEdge Network and your Cloud infrastructure can be easily implemented with any IaaS provider, however, if you'd like to connect to your on-premise infrastructure make sure that at least one of the following requirements is fulfilled.

IPSec Tunneling Support

Make sure you edge device (firewall or router) supports IPSec tunneling. If you are not sure, you can search it at our "Connect On-Prem Resources" section or look at the manufacturer's official documentation. If it is not supported, or if you prefer avoiding adjustments in your FW or Router Interface, move on to the next step.

Wireguard Server

A Site-to-Site connection can also be achieved by deploying a SonicWall CloudEdge connector on a virtual/bare-metal Linux server fulfilling the following requirements:

1. Kernel: Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS or CentOS 7 (RedHat distributions)
2. Packages Installed: (UBUNTU) curl; dig; software-properties-common or (CentOS) curl, bind-utils
3. Free Disc Space: 20 GB available
4. Free Memory: 2GB RAM
5. A static internal IP address

6. A network adapter cannot be NAT - only Bridge.

7. If you are hosting the Linux machine on a Windows host, virtualization must be enabled on the Windows BIOS to allow Virtualization.

Once you make sure these prerequisites are fulfilled you can move on to the next stage, choosing the Site-to-Site connection type which fits your use case the best.