Dell SonicWALL TZ400 and Firebox VPN Integration Guide

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

This integration guide describes how to configure a BOVPN virtual interface tunnel between a WatchGuard Firebox and a Dell SonicWALL® TZ400.

Integration Summary

The hardware and software used in this guide include:

  • WatchGuard T55-W
    • Fireware v12.4.1 or higher
  • Dell SonicWALL TZ400
    • SonicOS Enhanced Version 6.5.4.3-28n or higher

Test Topology

This diagram shows the topology used to test this integration.

Topology diagram

Configure the Firebox

To configure a BOVPN virtual interface on your Firebox, from Fireware Web UI:

  1. Log in as a user with administrator credentials.
  2. Select VPN > BOVPN Virtual Interfaces.
  3. Click Add.
  4. In the Interface Name text box, type a name to identify this BOVPN virtual interface.
  5. From the Remote Endpoint Type drop-down list, select Cloud VPN or Third-Party Gateway.
  6. Keep the default Gateway Address Family setting, which is IPv4 Addresses.
  7. In the Credential Method section, select Use Pre-Shared Key.
  8. In the adjacent text box, type the pre-shared key.

Screenshot of the gateway settings

  1. In the Gateway Endpoint section, click Add.
    The Gateway Endpoint Settings dialog box appears.
  2. On the Local Gateway tab, from the Physical drop-down list, select External.
  3. From the Interface IP Address drop-down list, select Primary Interface IPv4 Address.
  4. Select By IP Address.
  5. In the adjacent text box, type the public (external) IP address of your Firebox.

Screenshot of the local gateway settings

  1. On the Remote Gateway tab, select Static IP Address.
  2. In the adjacent text box, type the outgoing public IP address of the Dell SonicWALL TZ400.
  3. Select By IP Address.
  4. In the adjacent text box, type the outgoing public IP address of the Dell SonicWALL TZ400.

Screenshot of the remote gateway settings

  1. Click OK.
  2. In the Gateway Endpoint section, select Start Phase 1 tunnel when it is inactive.
  3. Select Add this tunnel to the BOVPN-Allow policies.

Screenshot of the completed gateway settings

  1. Click the VPN Routes tab.
  2. Click Add.
  3. From the Choose Type drop-down list, select Network IPv4.
  4. In the Route To text box, type the IP segment of a route that will use this virtual interface.

Screenshot of the VPN route settings

  1. Click OK.

Screenshot of completed VPN route settings

  1. Click the Phase 1 Settings tab.
  2. From the Version drop-down list, select IKEv2.
  3. Keep all other Phase 1 settings as the default values.

Screenshot of the Phase 1 settings

  1. Keep Phase 2 Settings as the default values.

Screenshot of the Phase 2 settings

  1. Click Save.

Configure the Dell SonicWALL TZ400

Zone and Interface Settings

  1. Log in to the Dell SonicWALL TZ400 Web UI at https://<IP address of TZ400>. The default IP address is 192.168.168.168.
  2. Configure zones and interfaces. For information about how to configure zones and interfaces, see the Dell SonicWALL TZ400 documentation.

Screenshot of the SonicWALL Zones page

Screenshot of the SonicWALL Interfaces page

IPSec VPN Settings

  1. Select Manage > Objects > Address Objects.
  2. To add a new object, click Add.
  3. In the Name text box, type the object name. In our example, the name is WGINT.
  4. From the Zone Assignment drop-down list, select VPN.
  5. From the Type drop-down list, select Network.
  6. In the Network text box, type the network address.
  7. In the Netmask/Prefix Length text box, type the netmask.

Screenshot of the address object settings

  1. Click Add.
  2. Click Close.

Screenshot of the address objects page

  1. Select Manage > VPN > Base Settings.
  2. In the VPN Policies section, click Add.
  3. From the Policy Type drop-down list, select Tunnel Interface.
  4. From the Authentication Method drop-down list, select IKE using Preshared Secret.
  5. In the Name text box, type a descriptive name for this VPN. In our example, the name is VPN with WG.
  6. In the IPsec Primary Gateway Name or Address text box, type the peer IP address.
  7. Select Mask Shared Secret.
  8. In the Shared Secret and Confirm Shared Secret text boxes, type the pre-shared secret key.
  9. From the Local IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the local outgoing public IP address.
  10. From the Peer IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the WatchGuard Firebox public IP address.

Screenshot of the SonicWALL TZ400 Network Security Appliance dialog box, General tab

  1. Select the Proposals tab.

Screenshot of the SonicWALL TZ400, Proposals tab

  1. In the IKE (Phase 1) Proposal section, from the Exchange drop-down list, select IKEv2 Mode.
  2. From the DH Group drop-down list, select Group 14.
  3. From the Encryption drop-down list, select AES-256.
  4. From the Authentication drop-down list, select SHA256.
  5. In the IPsec (Phase 2) Proposal section, from the Protocol drop-down list, select ESP.
  6. From the Encryption drop-down list, select AES-256.
  7. From the Authentication drop-down list, select SHA256.
  8. Check the Enable Perfect Forward Secrecy box.
  9. From the DH Group drop-down list, select Group 14.
  10. For all other settings, keep the default values.
  11. Click OK.

Screenshot of the SonicWALL TZ400 VPN Policies dialog box

Route Policy Settings

  1. Select Manage > Network > Routing.
  2. In the Route Policies section, click Add.
  3. In the Name text box, type the object name. In our example, the name is policy.
  4. From the Source drop-down list, select X2 subnet. In our example, the X2 subnet is 192.168.13.0/24.
  5. From the Destination drop-down list, select WGINT.
  6. From the Service drop-down list, select Any.
  7. From the Interface drop-down list, select VPN with WG.
  8. For all other settings, keep the default values.

Screenshot of the SonicWALL TZ400 route policy

  1. Click OK.

Screenshot of the SonicWALL TZ400 route policy

Test the Integration

  1. Log in to the Firebox Web UI.
  2. Select System Status > VPN Statistics.
  3. Verify the VPN tunnel is active.
  4. Log in to the Dell SonicWALL TZ400 Web UI.
  5. Verify the VPN tunnel is active.
  6. Verify the hosts behind the Firebox and behind the SonicWALL can successfully ping each other.
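
A tunnel that does not come up in step 3 or 5 is commonly the result of the two peers disagreeing on proposals, IKE IDs, or routes. The following is an added example, not part of the WatchGuard guide, that compares the settings entered on each side. The SonicWALL proposal values are the ones selected in this guide; the Firebox values, all IP addresses (documentation ranges), the Firebox-side network, and the function name `find_mismatches` are assumptions to replace with what your devices show.

```python
import ipaddress

# Settings as entered on each device. SonicWALL proposal values come from this
# guide; Firebox values and every address below are constructed samples to be
# replaced with what the Phase 1 / Phase 2 tabs and gateway settings show.
FIREBOX = {
    "ike_version": "IKEv2",
    "local_id": "203.0.113.10", "peer_id": "198.51.100.20",
    "p1": {"dh": 14, "enc": "AES-256", "auth": "SHA256"},
    "p2": {"proto": "ESP", "enc": "AES-256", "auth": "SHA256", "pfs_dh": 14},
    "local_net": "10.0.55.0/24",     # network behind the Firebox (sample)
    "route_to": "192.168.13.0/24",   # VPN Routes > Route To
}
SONICWALL = {
    "ike_version": "IKEv2",
    "local_id": "198.51.100.20", "peer_id": "203.0.113.10",
    "p1": {"dh": 14, "enc": "AES-256", "auth": "SHA256"},
    "p2": {"proto": "ESP", "enc": "AES-256", "auth": "SHA256", "pfs_dh": 14},
    "local_net": "192.168.13.0/24",  # X2 subnet (route policy Source)
    "route_to": "10.0.55.0/24",      # WGINT address object (sample)
}

def find_mismatches(a, b):
    """Return a list of human-readable mismatches between peers A and B."""
    problems = []
    if a["ike_version"] != b["ike_version"]:
        problems.append(f"IKE version: {a['ike_version']} vs {b['ike_version']}")
    for phase in ("p1", "p2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                problems.append(f"{phase} {key}: {va} vs {vb}")
    for x, y, name in ((a, b, "A"), (b, a, "B")):
        # Each side's local IKE ID must be what the other side expects as peer ID.
        if ipaddress.ip_address(x["local_id"]) != ipaddress.ip_address(y["peer_id"]):
            problems.append(f"IKE ID: side {name} local {x['local_id']} "
                            f"!= other side's peer {y['peer_id']}")
        # Each side's route must fall inside the network behind the other side.
        route = ipaddress.ip_network(x["route_to"])
        if not route.subnet_of(ipaddress.ip_network(y["local_net"])):
            problems.append(f"route: side {name} routes {x['route_to']}, "
                            f"other side has {y['local_net']}")
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(b["local_net"])):
        problems.append("local networks overlap")
    return problems

if __name__ == "__main__":
    for p in find_mismatches(FIREBOX, SONICWALL) or ["no mismatches found"]:
        print(p)
```

The pre-shared key is deliberately left out of the comparison so that it is never stored in a script; confirm it separately on both devices.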
