Cloud Edge Secure Access Getting Started Guide

SonicWall

This article describes how to configure a Site-to-Site IPSec VPN connection between a SonicWall firewall and the network.

  • Tunnel creation
  • Creating objects in SonicWall Cloud Edge
  • Site-to-Site creation

Tunnel creation

  1. Go to the Gateway in your network from which you want to create the tunnel to Azure.

  2. Select the three-dotted menu (...) and select Add Tunnel.

    General Settings

  3. Name - Set the name for the Tunnel.
  4. Shared Secret - Enter a shared secret or select Generate.
  5. Public IP and Remote ID - Enter your SonicWall public IP address.
  6. In Gateway Proposal Subnets, choose Any or Specific Subnet.
  7. In Remote Gateway Proposal Subnets, enter your internal subnet.

    Advanced Settings

    • IKE Version: V2
    • IKE Lifetime: 8h
    • Tunnel Lifetime: 1h
    • Dead Peer Detection Delay: 10s
    • Dead Peer Detection Timeout: 30s
    • Encryption (Phase 1): aes256
    • Encryption (Phase 2): aes256
    • Integrity (Phase 1): sha1
    • Integrity (Phase 2): sha1
    • Diffie-Hellman Groups (Phase 1): 2
    • Diffie-Hellman Groups (Phase 2): 2
  8. Select Add Tunnel.

Creating objects in SonicWall Cloud Edge

  1. Go to Objects in SonicWall Cloud Edge.
  2. Go to Address Object.
  3. Select Add.
  4. Add Gateway address.

    • Name: SDP VPN Gateway
    • Zone Assignment: VPN
    • Type: Host
    • IP Address: 172.105.57.96
  5. Add Subnet Network.

    • Name: SDP Network
    • Zone Assignment: VPN
    • Type: Network
    • Network: 10.255.0.0
    • Netmask/Prefix Length: 255.255.0.0

    • Name: SonicWall Local LAN
    • Zone Assignment: VPN
    • Type: Network
    • Network: 10.40.0.0
    • Netmask/Prefix Length: 255.255.0.0

    Access Rule

  1. Go to Policy -> Rules.
  2. Select Add.
  3. First Rule to add: SDP WAN Rule

    • Policy Name: SDP WAN Rule
    • Action: Allow
    • Type: IPv4
    • Schedule: Always
    • Enable: On
    • Security Rule Action: Default Profile
    • Source Zone/Interface: VPN
    • Source Address: SDP VPN Gateway
    • Source Port/Services: Any
    • Destination Zone/Interface: WAN
    • Destination Address: WAN Subnets
    • Destination Port/Services: Any
    • Select Save.

Second Rule: VPN to LAN

  • Policy Name: SonicWall LAN Rule
  • Action: Allow
  • Type: IPv4
  • Schedule: Always
  • Enable: On
  • Security Rule Action: Default Profile
  • Source Zone/Interface: VPN
  • Source Address: SDP Network
  • Source Port/Services: Any
  • Destination Zone/Interface: LAN
  • Destination Address: SonicWall Local LAN
  • Destination Port/Services: Any
  • Select Save.

Site-to-Site creation

  1. Go to VPN.
  2. Under Base Settings add VPN Policy.

General Tab

Security Policy

  • Policy Type: Site to Site
  • Authentication Method: IKE using Preshared Secret
  • Name: Give it a name, for example "CloudEdgeIPSEC"
  • IPsec Primary Gateway Name or Address: 172.105.57.96
  • IPsec Secondary Gateway Name or Address: 0.0.0.0

IKE Authentication

  • Shared Secret: enter the same shared secret you set in the Management Platform
  • Confirm Secret: enter the secret again
  • Local IKE ID: IPv4 Address: 3.20.28.110
  • Peer IKE ID: IPv4 Address: 172.105.57.96

Network Tab

Local Networks

  • Select a local network from the list: choose your local network object

Remote Networks

  • Select the destination network from the list: choose Network object

Proposals Tab

IKE (Phase 1) Proposal

  • Exchange: IKEv2 Mode
  • DH Group: Group 14
  • Encryption: AES-256
  • Authentication: SHA256
  • Life Time (seconds): 28800

IPsec (Phase 2) Proposal

  • Protocol: ESP
  • Encryption: AES-256
  • Authentication: SHA256
  • Select "Enable Perfect Forward Security"
  • DH Group: Group 14
  • Life Time (seconds): 28800

You can use different Encryption, Authentication, and DH Group settings as long as you put the same settings in the Management Platform.
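
The Advanced Settings listed for the Cloud Edge tunnel earlier in this guide (sha1, Diffie-Hellman group 2, 1h tunnel lifetime) differ from the SonicWall proposals shown here, so one side has to be changed until both match. The Python check below is an added example, not SonicWall code or tooling; its key and function names are hypothetical, and the values are transcribed from this guide.

```python
# Added example. Values are transcribed from this guide; key names are hypothetical.
CLOUD_EDGE = {  # tunnel "Advanced Settings" in the Management Platform
    "p1_enc": "aes256", "p1_integ": "sha1", "p1_dh": "2", "p1_lifetime": "8h",
    "p2_enc": "aes256", "p2_integ": "sha1", "p2_lifetime": "1h",
    "p2_dh": "2",  # assumption: the guide's second DH line is read as Phase 2
}
SONICWALL = {  # VPN policy "Proposals" tab
    "p1_enc": "AES-256", "p1_integ": "SHA256", "p1_dh": "Group 14", "p1_lifetime": 28800,
    "p2_enc": "AES-256", "p2_integ": "SHA256", "p2_dh": "Group 14", "p2_lifetime": 28800,
}
UNITS = {"s": 1, "m": 60, "h": 3600}
WEAK_DH = {1, 2, 5}  # MODP groups with a modulus under 2048 bits


def normalize(side):
    """Map each console's spelling to one form: 'AES-256' -> 'aes256', '8h' -> 28800."""
    out = {}
    for key, raw in side.items():
        text = str(raw).strip().lower()
        if key.endswith("lifetime"):
            unit = UNITS.get(text[-1])
            out[key] = int(text[:-1]) * unit if unit else int(text)
        elif key.endswith("dh"):
            out[key] = int(text.replace("group", "").strip())
        else:
            out[key] = text.replace("-", "").replace(" ", "")
    return out


def compare(a, b):
    """Return (must_match, lifetimes): differing algorithms/groups, differing lifetimes."""
    a, b = normalize(a), normalize(b)
    diff = {k: (a[k], b.get(k)) for k in sorted(a) if a[k] != b.get(k)}
    must_match = {k: v for k, v in diff.items() if not k.endswith("lifetime")}
    lifetimes = {k: v for k, v in diff.items() if k.endswith("lifetime")}
    return must_match, lifetimes


def legacy(side):
    """List parameters that use SHA-1 integrity or a sub-2048-bit DH group."""
    n = normalize(side)
    return sorted(k for k, v in n.items()
                  if (k.endswith("integ") and v == "sha1")
                  or (k.endswith("dh") and v in WEAK_DH))


if __name__ == "__main__":
    must_match, lifetimes = compare(CLOUD_EDGE, SONICWALL)
    print("settings the guide requires to be identical:", must_match)
    print("lifetimes differ (IKEv2 peers enforce their own):", lifetimes)
    print("legacy choices on the Cloud Edge side:", legacy(CLOUD_EDGE))
```

Lifetimes are reported separately because IKEv2 does not negotiate them; each peer rekeys on its own timer, so a difference there is worth aligning but is not a proposal mismatch.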

Advanced Tab

Advanced Setting

  1. Select the Enable Keep Alive check box.

  2. Select OK to create the new VPN Policy.

Make sure the new policy you created is enabled. You can select the play button to the right of Currently Active VPN Tunnels, and you should see that your new tunnel is up.

If the tunnel won't start, go to Event Logs and look for errors regarding the new VPN policy you created.
