• Cloud Edge Secure Access
• Welcome to SonicWall Cloud Edge!
• Prerequisites
• Installation
  • Accessing the Client Management Console
  • Installation Methods
• Networks
  • Understanding Networks
  • SDP Networks
  • Regions and Gateways
    • Adding a region
    • Adding a gateway
  • Connecting Infrastructure
    • Prerequisites
    • Site-to-Site Connections
    • IPsec Tunnel
    • WireGuard Connector
    • Connect On-Prem Resources
      • Firewalls
        • SonicWall
    • Connect Cloud Resources
      • Amazon AWS
        • AWS Virtual Gateway
        • AWS Transit Gateway
      • Alibaba Cloud
      • Microsoft Azure
      • Google Cloud Platform
      • Heroku Enterprise
      • IBM Cloud
      • Docker
• Groups and Members
  • Members
    • Inviting Members
    • Password Requirements
    • Managing Roles
  • Groups
    • Managing Groups
    • Identity Provider Groups
  • Identity Providers (IdP)
    • Integrate Identity Providers
    • Azure AD
      • Azure Active Directory (SAML 2.0)
      • Azure Active Directory
    • Google Suite
      • Google Services
      • Google Apps (SAML 2.0)
    • On-Premises Active Directory
    • SAML 2.0
      • Generic SAML
      • Active Directory Federation Services (ADFS)
      • Auth0
      • Okta
      • OneLogin
      • PingIdentity
      • JumpCloud
• Securing the Platform
  • Securing Networks
    • Segmenting Networks
    • Device Posture Check
    • Network Traffic Control
    • Firewall-as-a-Service
  • Securing User Access
    • Multi-Factor Authentication
      • MFA Authentication
      • DUO Security
    • Agent-less Access
      • Zero Trust Application
        • HTTP/HTTPS
        • RDP (Remote Desktop Protocol)
        • SSH (Secure Shell)
        • VNC (Virtual Network Computing)
      • Zero Trust Policies and Rules
    • Agent-based Access
      • SonicWall Agents
        • Downloading and Installation
      • Agents Configuration
        • User-Groups Policies
        • Managing Configurations
        • General Configurations
        • Network Configuration
        • OS-Specific Configurations
• Monitoring
  • Activity Tracking
    • Activities and Logs
    • Member Devices
  • Monitoring Dashboard
  • Integrations
    • Amazon S3
    • Azure Sentinel
    • Splunk Cloud
• Compliance
  • HIPAA
  • GDPR
  • SOC 2 Type 2
• SonicWall Support
  • About This Document

SonicWall

This article describes how to configure to establish a Site-To-Site IPSec VPN connection between a SonicWall firewall and the network.

• Tunnel creation
• Creating objects in SonicWall Cloud Edge
• Site to site creation

Tunnel creation

1. Go to the Gateway in your network from which you want to create the tunnel to Azure.

2. Select the three-dotted menu (...) and select Add Tunnel.

   General Settings

   

3. Name - Set the name for the Tunnel.
4. Shared Secret - Put a shared secret or select Generate.
5. Public IP and Remote ID - put your SonicWall Public IP address.
6. In Gateway Proposal Subnets Choose Any or Specific Subnet.

7. In Remote Gateway Proposal Subnets put your internal subnet.

   

   Advanced Settings

   • IKE Version: V2
   • IKE Lifetime: 8h
   • Tunnel Lifetime: 1h
   • Dead Peer Detection Delay: 10s
   • Dead Peer Detection Timeout: 30s
   • Encryption (Phase 1): aes256
   • Encryption (Phase 2): aes256
   • Integrity (Phase 1): sha1
   • Integrity (Phase 2): sha1
   • Deffie-Hellman Groups (Phase 1): 2
   • Deffie-Hellman Groups (Phase 1): 2
8. Select Add Tunnel.

Creating objects in SonicWall Cloud Edge

1. Go to Objects in SonicWall Cloud Edge.
2. Go to Address Object.
3. Select Add.

4. Add Gateway address.

   

   • Name: SDP VPN Gateway
   • Zone Assignment: VPN
   • Type: Host
   • IP Address: 172.105.57.96

5. Add Subnet Network.

   

   • Name: SDP Network
   • Zone Assignment: VPN
   • Type: Network
   • Network: 10.255.0.0
   • Netmask/Prefix Length: 255.255.0.0

   

   • Name: SonicWall Local LAN
   • Zone Assignment: VPN
   • Type: Network
   • Network: 10.40.0.0
   • Netmask/Prefix Length: 255.255.0.0
   • Access Rule 1. Go to Policy:-> Rules.
6. Select Add.

7. First Rule to add: SDP WAN Rule

   

   • Policy Name: SDP WAN Rule
   • Action: Allow
   • Type: IPv4
   • Schedule: Always
   • Enable: On
   • Security Rule Action : Default Profile
   • Source Zone/Interface: VPN
   • Source Address: SDP VPN Gateway
   • Source Port/Services: Any
   • Destination Zone/Interface: WAN
   • Destination Address: WAN Subnets
   • Destination Port/Services: Any
   • Select Save.

Second Rule: VPN to LAN

• Policy Name: SonicWall LAN Rule
• Action: Allow
• Type: IPv4
• Schedule: Always
• Enable: On
• Security Rule Action : Default Profile
• Source Zone/Interface: VPN
• Source Address: SDP Network
• Source Port/Services: Any
• Destination Zone/Interface: LAN
• Destination Address: SonicWall Local LAN
• Destination Port/Services: Any
• Select Save.

Site-to-Site creation

1. Go to VPN.
2. Under Base Settings add VPN Policy.

General Tab

Security Policy

• Policy Type: Site to Site
• Authentication Method: IKE using Preshared Secret
• Name: Give it name ex. "CloudEdgeIPSEC"
• IPsec Primary Gateway Name or Address: 172.105.57.96
• IPsec Secondary Gateway Name or Address: 0.0.0.0

IKE Authentication

• Shared Secret: put the same shared secret you set in the Management Platform
• Confirm Secret: put the secret again
• Local IKE ID: IPv4 Address: 3.20.28.110
• Peer IKE ID: IPv4 Address: 172.105.57.96

Network Tab

Local Networks

• Select a local network from the list: choose your local network object

Remote Networks

• Select the destination network from the list: choose Network object

Proposals Tab

IKE (Phase 1) Proposal

• Exchange: IKEv2 Mode
• DH Group: Group 14
• Encryption: AES-256
• Authentication: SHA256
• Life Time (seconds): 28800

IPsec (Phase 2) Proposal

• Protocol: ESP
• Encryption: AES-256
• Authentication: SHA256
• Select "Enable Perfect Forward Security"
• DH Group: Group 14
• Life Time (seconds): 28800

You can use different Encryption, Authentication, and DH Group setting as long as you put the same settings in the Management Platform.

Advanced Tab

Advanced Setting

1. Mark v in Enable Keep Alive.

2. Select OK to create the new VPN Policy.

Make sure the new Policy you created is enabled. You can select the play button right to the Currently Active VPN Tunnels and you should see that your new tunnel is up.

If the tunnel won't start you should go to Event Logs and look for errors regarding the new VPN policy you created.