SonicWall

Introduction

This guide will lead you through the steps to establish a Site-to-Site VPN tunnel between your Perimeter 81 network and the SonicWall Firewall environment.

Breakdown of topics

1. Pre-requisites
2. Configuration Steps
3. Verifying the Setup
4. Troubleshooting
5. Support Contacts

Pre-requisites

To successfully follow this guide, ensure that:

1. You have an active Perimeter 81 account with an existing network.
2. The Perimeter 81 application is installed on your devices.
3. You have an operational SonicWall Firewall setup with necessary administrative privileges.

Creating a Perimeter 81 Site-to-Site Tunnel

1. Go to the Gateway in your network from which you want to create the tunnel to the SonicWall Firewall.
2. Select the three-dotted menu (...) and select Add Tunnel.
3. Select IPSec Site-2-Site Tunnel and select Continue.
4. Select Single Tunnel, and Click Continue.
   
5. Under General Settings, enter the following:
   • Name - Set the name for the Site.
   • Shared Secret - Put a shared secret or select Generate.
   • Public IP and Remote ID - Input your Sonicwall Firewall Public WAN IP address.
     Double NAT

     If the SonicWall firewall is behind another router, please input the local LAN IP of the SonicWall under Remote ID (for example: 192.168.1.2),
   • In Perimeter 81 Gateway Proposal Subnets Choose your Perimeter81 Network Subnet (By default: 10.255.0.0/16, in this screenshot: 10.254.0.0/16).
   • In Remote Gateway Proposal Subnets, input your SonicWall internal LAN subnet.
     
6. At the Advanced Settings section complete the following information:
   
   • IKE: IKE Version 2
   • IKE Lifetime: 8h
   • Tunnel Lifetime: 1h
   • Dead Peer Detection Delay: 10s
   • Dead Peer Detection Timeout: 30s
   • Encryption (Phase 1): aes256
   • Encryption (Phase 2): aes256
   • Integrity (Phase 1): sha1
   • Integrity (Phase 2): sha1
   • Diffie Hellman Groups (Phase 1): 2
   • Diffie Hellman Groups (Phase 2): 2
7. Click "Add Tunnel".

Creating objects in SonicWall

1. Open the SonicWall user interface, and select Objects.
2. Go to Address Objects.
3. Click Add.
4. Create an address object for your external Perimeter81 Gateway address.
   
   • Name: Select a logical name. For example,  "P81-Silicon-Valley"
   • Zone Assignment: VPN
   • Type: Host
   • IP Address: Input your Perimeter 81 gateway address.
     
5. Add another Object (steps 1-3) for your internal Perimeter 81 Subnet.
   
   • Name: Select a logical name. Example: "P81-Network"
   • Zone Assignment: VPN
   • Type: Network
   • Network: Your Perimeter 81 Subnet (usually 10.255.0.0).
   • Netmask/Prefix Length: Your Perimeter 81 Subnet mask (usually 255.255.0.0).
     Finding your Perimeter 81 Subnet

     1. Go to your Perimeter 81 Admin console, and navigate to the network.
     2. Click the ellipses ("...") -> Edit network.
        
     3. Your Perimeter 81 Subnet should be under Subnet (optional).
        
     
     

Defining firewall Policies in the SonicWall Interface

• VPN to WAN Rule
  1. Go to Policy -> Rules.
  2.  Select Add.
     
     • Policy Name: P81-WAN
     • Action: Allow
     • From: VPN
     • To: WAN
     • Source Port: Any
     • Service: Any
     • Source: P81-Gateway object
     • Destination: Your external internet interface object
  3. Select Add.

• VPN to LAN Rule
  1. Go to Policy:-> Rules.
  2. Select Add.
     
     • Policy Name: P81-LA
     • Action: Allow
     • From: VPN
     • To: LAN
     • Source Port: Any
     • Service: Any
     • Source: P81: P81-Network (the Perimeter 81 subnet) Object
     • Destination: Your internal subnet object
  3. Select Add.

Crating a Site-to-Site connection in the SonicWall interface

1. In the SonicWall interface, navigate to VPN.
2. Under Base Settings, add a VPN Policy.
   • General Tab
     
     
     • Security Policy
       • Policy Type: Site to Site
       • Authentication Method: IKE using Preshared Secret.
       • Name: Give it a name ex. "P81-Silicon Valley"
       • IPsec Primary Gateway Name or Address: Input your P81 gateway address.
       • IPsec Secondary Gateway Name or Address: Leave blank.
     • IKE Authentication
       • Shared Secret: Input the same shared secret you set in Perimeter 81 tunnel configuration.
       • Confirm Secret: Input the secret again.
       • Local IKE ID: "IPv4 Address: put your local external internet address.
       • Peer IKE ID: "IPv4 Address:" put your P81 gateway address.
   • Network Tab

     
     

     
     • Local Networks
       • Choose a local network from the list:Select your local LAN network from the dropdown list
         Choosing your Local Interface:

         Typically, this will be the subnet labeled "X0 (LAN)" in your SonicWall Network Interface portal.
     • Remote Networks
       • Choose destination network from the list: Select the P81-Network (Perimeter 81 subnet) object
   • Proposals Tab
     
     • IKE (Phase 1) Proposal
       • Exchange: IKEv2 Mode
       • DH Group: Group 2
       • Encryption: AES-256
       • Authentication: SHA1
       • Life Time (seconds): 28800
     • IPSEC (Phase 2) Proposal
       • Protocol: ESP
       • Encryption: AES-256
       • Authentication: SHA1
       • Enable "Enable Perfect Forward Security"
       • DH Group: Group 2
       • Life Time (seconds): 3600
         
   • Advanced Tab

     
     

     
     • Advanced Setting
       • Check the Enable Keep Alive box.
3. Select OK to create the new VPN Policy.
   

Verifying the Setup

After following the above steps, your tunnel should be active.
To verify, go to your Perimeter 81 dashboard, locate the tunnel you just created, and check the tunnel status.
It should indicate that the tunnel is "Up", signifying a successful connection.
Next, connect to your network using the Perimeter 81 agent and attempt to access one of the resources in your environment.

Troubleshooting

If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

Support Contacts

If you have any difficulties or questions, don't hesitate to contact Perimeter 81's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at [email protected]. We're here to assist you and ensure your VPN tunnel setup is a success.