Thank you from 2022. I used this for a SonicWALL TZ400 to UDM-Pro. The locations were slightly different than the USG, but it was very close. Thanks, Willie!
Normally dont comment on these videos but a thanks to you as I am a Sonicwall user and have an application which i needed to connect to third party in order to get a tunnel going on a unifi device.. after two hours of messing with it and hitting the how to from sonicwall i tripped across your video... For anyone that is interested, the "wizard" you can run on the sonicwall router to create the tunnel misses half the required info (well not half but you know)... and as a comment you did well without looking it up!! The sonicwall docs says to use "VPN" and not "lan primary subnet"... i was watching your video initally and saying to myself nah this is not going to work... so i kinda ignored sonicwall docs and did it your way.. boom .. done.. thank you now i can carry onto something else today.
THANK YOU SIR!!! We switched from SonicWalls to USGs at remote sites, but our Colo still has a rack mount SonicWall. I tested this method and was connected up within minutes at my home office. I need to start installing these this week, you are a life saver!!
I needed to implement a USG to Sonicwall S2S VPN this week. Your network map and hands on tutorial helped me to complete the project successfully within an hour. Will donate some $$ to the Angry Cloud fund. Thanks Willie!!
Appreciate the video...was exactly what I was looking for! That said, am a little surprised the config worked as displayed as I believe the RemoteLAN address object you created on the SonicWALL should have been in the VPN zone rather than the LAN zone as shown.
Willie, Great video as always. Are you planning some Site-to-Site VPN setups with dynamic IP's? Does not really matter what kit you use (Unifi to something-not-Unifi) but getting a tunnel going with Dynamic IP's on both ends is something I have not been able to get going.
Great video! I tried to apply this to a Sonicwall to Edgerouter4 Site-to-Site VPN but I was not successful. I will not connect. I am not sure what the issue is but when ever it comes to Sonicwall it gets me very frustrated. If there is a chance you can make a tutorial video on that would be fantastic!
Just came by randomly. Been following your videos. You wouldn’t happen to be able to show a video on a site-2-site vpn from a usg to a draytek router? I’ve been messing with a draytek for 4 weeks now.. and it still won’t work.. apparently documentation in the draytek works is considering a curse word..:)
Some advice will be appreciated...but somewhere is a glitch ... Video proves me that VPN that i have created should work fine , and it does to the certain point , I can access both ways any printer on a both sides and any network storage that is not windows based .. but there is a catch, I can't access any PC windows based with shared folders .. and that only happens if i use IPsec site to site as you have described ... but if i access the VPN over GLOBAL VPN app I can access to everything ... so i believe that somewhere is a setting to be done that will work same over IPsec VPN site to site ..and access windows based share folders... any help is appreciated .. thanks
Thanks for the video! I have this exact setup coming in the next month with a project I'm working on. The remote site IT runs SonicWall and I've moved to the USG Pro. I do have one question, though: how can you limit traffic to specific devices? For example, he only needs access to one server on my network. How can I limit this to a single host instead of opening up my whole subnet to the guy? Thanks again!
just put in 2 UniFi 24 port Poe switches to replace older dlink units, that were behind a sonic wall tz210. Port forwarding that had been working in the sonic wall for a video security system quite working.. Just an FYI, still haven't solved it.
Hi Willie Great videos, I don't see any option for allow local subnet on USG like Sonic Wall local subnet / remote subnet if you can please advise on my scenario Site A having two VLAN X & Y, Want to create two IP-Sec Site to Site from Site A to Site B & site C, SITE A: X & Y should not be talk to each other VLAN X only talk to SITE B over IPSec VLAN Y only talk to SITE C over IPSEC Please let me know if require more details
Hi Howie, Great video. When I tried to replicate what you did, I used the SonicWall encryption instead of the USG encryption. Have you done that? I never got through provisioning to a live VPN connection. Instead, on the dashboard, I have an inactive VPN (top left). Any suggestions? Do you consult? Ernie Beffel
hi Willie, I created an ipsec VPN between a sonicwall and an edge router without the auto firewall option checked on the edge router and I can't get any traffic to pass through. can you please do a video on that and do some manual firewall rules on the edge router to show me what I'm missing? thanks so much and I love your videos
Many thanks, super usefull although I see to be a little late on the subject... Have you done a video or explanation on the USG to sonicwall but where the sonicwall (with not fix IPadress) calls the USB at my fix IPadress). It could help a lot. If not, the simple solution will be to bin my sonicwall and buy a second USB. Again, many thanks for the super clear explanations
I'd love to see a USG vpn to Azure video, I can help you out with the Auzre side of things for the video. Sadly it doen't work for me as i use WISP and I'm assuming the internal NATing is messing up my IPsec connections.
Hi how can i create a VPN with dynamic ips. I have got the Problem if i havent got the external IP on the WAN Port (Modem without PPPOE in front of the USG) And if i create the Site to Site VPN the Peer and local WAN IP changed to the Internal IPs. What can i do?
how did you do this without configuring firewall rules on the USG? Please show the WAN_IN, WAN_OUT, and WAN_LOCAL rules after you got this working. Thank you!
@@WillieHowe Thank you for the quick reply! Does the Controller automatically create firewall rules for the Site-to-Site VPN? I'm trying to setup a tunnel to a Dell Sonicwall and can't get it to work and noticed there's no firewall rules for it under any of the WAN tabs - shouldn't there be? Firewall rules get added when you create a Remote User VPN network...
I have a Q. in the UBNT SUPPORT for the USG to configure a manual VPN SITE TO SITE MANUAL is necessary to make changes in the firewall (Firewall Rules for Policy-Based Manual VPN (Dynamic Routing Disabled)) Could you please explain something about it? the info is not clear.
Hey Willie, I set this up with USG replacing a Sonicwall to the Sonicwall on the other side. It gets stuck in provisioning state. If I take the subnet out, it provisions, but then cannot connect to the other end. I put the settings in the USG that were in sonic wall. I know this is a bit vague, but you have any thoughts?
In my situation, I have the Sonicwall as the Remote device and the USG is local to my network. I can't get the connection to work. What settings do I need to change? I keep getting IKE Exchange Failures on the Sonicwall. Mine is a TZ200.
Sonicwall is once again flying solo, Willie. "Francisco Partners and Elliott Management complete acquisition of Dell Software Group; spin out SonicWall as dedicated independent security company"
I would like to "up vote" Cisco ASA EdgeRouter (not USG). Mostly because I have NEVER managed to make it work correctly (tunnel up, no traffic passing).
Willie, always good information on your videos. -- I am trying to setup a dream machine to a usg pro, but for the love of God I cant get it t owork. the "brainless VPN" is not available on dream machine, shows as coming soon - so I started to work on site to site, but that wont come up either. one site does have a static, the other is a dynamic wan, but even after updating that daily, the VPN just come up. I opened a case w unifi but, they arent known for their customer services at least my experience, so I was wondering if you can give me a hand on this! appreciate it willie! keep at the great work!
oh, forgot to mention once I saw that "coming soon" I said oh craps, let me get a usgPro (same as my clients main network) to receive it and not able to adopt it on the dream machine or the remote site (via the unifi app) so that added to the frustation (my thought process was, ok easy, if I have this usgPro and has the brainless vpn, then I can just simply do that and go go go - but that wasnt the case)
Does it matter if the USG is behind FIOS Gateway through a DMZ? i have the USG in the DMZ of the FIOS Gateway. this is how i had my sonicwall setup so i am presuming this is ok. i can't get the USG and remote sonicwall VPN to link. frustrating.
everything works but for the vpn. Since fios requires the use of their gateway, their is no way to truly bridge the USG. Do you have any other thoughts using usg with a fios residential gateway? The sonicwall to sonicwall didn't have a problem with this setup when enabling the VPN.
Thank you from 2022. I used this for a SonicWALL TZ400 to UDM-Pro. The locations were slightly different than the USG, but it was very close. Thanks, Willie!
Normally dont comment on these videos but a thanks to you as I am a Sonicwall user and have an application which i needed to connect to third party in order to get a tunnel going on a unifi device.. after two hours of messing with it and hitting the how to from sonicwall i tripped across your video... For anyone that is interested, the "wizard" you can run on the sonicwall router to create the tunnel misses half the required info (well not half but you know)... and as a comment you did well without looking it up!! The sonicwall docs says to use "VPN" and not "lan primary subnet"... i was watching your video initally and saying to myself nah this is not going to work... so i kinda ignored sonicwall docs and did it your way.. boom .. done.. thank you now i can carry onto something else today.
THANK YOU SIR!!! We switched from SonicWalls to USGs at remote sites, but our Colo still has a rack mount SonicWall. I tested this method and was connected up within minutes at my home office. I need to start installing these this week, you are a life saver!!
I needed to implement a USG to Sonicwall S2S VPN this week. Your network map and hands on tutorial helped me to complete the project successfully within an hour. Will donate some $$ to the Angry Cloud fund. Thanks Willie!!
have you experience any issues with this solution??
Like the different products you are using very helpful in the real world
Appreciate the video...was exactly what I was looking for! That said, am a little surprised the config worked as displayed as I believe the RemoteLAN address object you created on the SonicWALL should have been in the VPN zone rather than the LAN zone as shown.
Love to see a S2S from USG to Meraki
Great video, any plans of a Pfsense > USG VPN video?
Great video, I'm hoping this will help me with my USG to Forigate setup i've got going. Thanks for putting these up!
Simple and to the point. Great job man.
Willie,
Great video as always.
Are you planning some Site-to-Site VPN setups with dynamic IP's? Does not really matter what kit you use (Unifi to something-not-Unifi) but getting a tunnel going with Dynamic IP's on both ends is something I have not been able to get going.
Excellent tutorial, thanks. I will be doing this but with a Fortigate.
Great video! I tried to apply this to a Sonicwall to Edgerouter4 Site-to-Site VPN but I was not successful. I will not connect. I am not sure what the issue is but when ever it comes to Sonicwall it gets me very frustrated. If there is a chance you can make a tutorial video on that would be fantastic!
Dude, you're awesome. Keep these going man.
Just came by randomly. Been following your videos. You wouldn’t happen to be able to show a video on a site-2-site vpn from a usg to a draytek router? I’ve been messing with a draytek for 4 weeks now.. and it still won’t work.. apparently documentation in the draytek works is considering a curse word..:)
great tutorial willie
Nice so it looks like o can get these for some sites. I would just need to do CLI to change the IP address of the USG.
Some advice will be appreciated...but somewhere is a glitch ... Video proves me that VPN that i have created should work fine , and it does to the certain point , I can access both ways any printer on a both sides and any network storage that is not windows based .. but there is a catch, I can't access any PC windows based with shared folders .. and that only happens if i use IPsec site to site as you have described ... but if i access the VPN over GLOBAL VPN app I can access to everything ... so i believe that somewhere is a setting to be done that will work same over IPsec VPN site to site ..and access windows based share folders... any help is appreciated .. thanks
Great job again WIllie, have you seen that 5.4.11. now has 3.7.47.6194 firmware available?
Thanks!!!, I need help to USG with Mikrotik v.6.46.8, do you have any idea?? it's not work for me
Thanks for the video! I have this exact setup coming in the next month with a project I'm working on. The remote site IT runs SonicWall and I've moved to the USG Pro. I do have one question, though: how can you limit traffic to specific devices? For example, he only needs access to one server on my network. How can I limit this to a single host instead of opening up my whole subnet to the guy? Thanks again!
just put in 2 UniFi 24 port Poe switches to replace older dlink units, that were behind a sonic wall tz210. Port forwarding that had been working in the sonic wall for a video security system quite working.. Just an FYI, still haven't solved it.
if you had your choice would you go with a Sonicwall TZ300 or lets say a Edgerouter 4 if they were the same price?
Hi Willie
Great videos, I don't see any option for allow local subnet on USG like Sonic Wall local subnet / remote subnet
if you can please advise on my scenario
Site A having two VLAN X & Y, Want to create two IP-Sec Site to Site from Site A to Site B & site C,
SITE A: X & Y should not be talk to each other
VLAN X only talk to SITE B over IPSec
VLAN Y only talk to SITE C over IPSEC
Please let me know if require more details
Hi Howie, Great video. When I tried to replicate what you did, I used the SonicWall encryption instead of the USG encryption. Have you done that? I never got through provisioning to a live VPN connection. Instead, on the dashboard, I have an inactive VPN (top left). Any suggestions? Do you consult? Ernie Beffel
hi Willie, I created an ipsec VPN between a sonicwall and an edge router without the auto firewall option checked on the edge router and I can't get any traffic to pass through. can you please do a video on that and do some manual firewall rules on the edge router to show me what I'm missing? thanks so much and I love your videos
Hasnain Reza Did you ever get that VPN to pass traffic? I have the same setup I’m working with and can’t pass traffic.
Many thanks, super usefull although I see to be a little late on the subject... Have you done a video or explanation on the USG to sonicwall but where the sonicwall (with not fix IPadress) calls the USB at my fix IPadress). It could help a lot. If not, the simple solution will be to bin my sonicwall and buy a second USB.
Again, many thanks for the super clear explanations
I'd love to see a USG vpn to Azure video, I can help you out with the Auzre side of things for the video.
Sadly it doen't work for me as i use WISP and I'm assuming the internal NATing is messing up my IPsec connections.
Great video! I had issues with a site to site sonicwall with DNS. Are you having any issues with local DNS lookups with the USG>sonicwall?
Sonicwall NSA 4600 here in the office, USG remote behind a static-ip'ed LTE hub for WAN. Tunnel will NOT go up, no idea what's going on.
Hi how can i create a VPN with dynamic ips.
I have got the Problem if i havent got the external IP on the WAN Port (Modem without PPPOE in front of the USG)
And if i create the Site to Site VPN the Peer and local WAN IP changed to the Internal IPs.
What can i do?
I've tried this step-by-step and I can't get it to ping either or side. Could you please update this video I'm currently have TZ400 and USG3
Thanks for the video man
how did you do this without configuring firewall rules on the USG? Please show the WAN_IN, WAN_OUT, and WAN_LOCAL rules after you got this working. Thank you!
@@WillieHowe Thank you for the quick reply! Does the Controller automatically create firewall rules for the Site-to-Site VPN? I'm trying to setup a tunnel to a Dell Sonicwall and can't get it to work and noticed there's no firewall rules for it under any of the WAN tabs - shouldn't there be? Firewall rules get added when you create a Remote User VPN network...
I have a Q. in the UBNT SUPPORT for the USG to configure a manual VPN SITE TO SITE MANUAL is necessary to make changes in the firewall (Firewall Rules for Policy-Based Manual VPN (Dynamic Routing Disabled)) Could you please explain something about it? the info is not clear.
Hey Willie,
I set this up with USG replacing a Sonicwall to the Sonicwall on the other side. It gets stuck in provisioning state. If I take the subnet out, it provisions, but then cannot connect to the other end. I put the settings in the USG that were in sonic wall.
I know this is a bit vague, but you have any thoughts?
In my situation, I have the Sonicwall as the Remote device and the USG is local to my network. I can't get the connection to work. What settings do I need to change? I keep getting IKE Exchange Failures on the Sonicwall. Mine is a TZ200.
That made it look simple.
Thank you so much Willie ^_^
Sonicwall is once again flying solo, Willie.
"Francisco Partners and Elliott Management complete acquisition of Dell Software Group; spin out SonicWall as dedicated independent security company"
whoop! new video!
I would like to "up vote" Cisco ASA EdgeRouter (not USG).
Mostly because I have NEVER managed to make it work correctly (tunnel up, no traffic passing).
Willie and luck on the Cisco ASA tunnel? I can get a connection but cannot pass traffic.
Can you do one on pfSense to Edgerouter?
Willie Howe Sweet!
Willie, always good information on your videos. -- I am trying to setup a dream machine to a usg pro, but for the love of God I cant get it t owork. the "brainless VPN" is not available on dream machine, shows as coming soon - so I started to work on site to site, but that wont come up either. one site does have a static, the other is a dynamic wan, but even after updating that daily, the VPN just come up. I opened a case w unifi but, they arent known for their customer services at least my experience, so I was wondering if you can give me a hand on this! appreciate it willie! keep at the great work!
oh, forgot to mention once I saw that "coming soon" I said oh craps, let me get a usgPro (same as my clients main network) to receive it and not able to adopt it on the dream machine or the remote site (via the unifi app) so that added to the frustation (my thought process was, ok easy, if I have this usgPro and has the brainless vpn, then I can just simply do that and go go go - but that wasnt the case)
Does it matter if the USG is behind FIOS Gateway through a DMZ? i have the USG in the DMZ of the FIOS Gateway. this is how i had my sonicwall setup so i am presuming this is ok. i can't get the USG and remote sonicwall VPN to link. frustrating.
everything works but for the vpn. Since fios requires the use of their gateway, their is no way to truly bridge the USG. Do you have any other thoughts using usg with a fios residential gateway? The sonicwall to sonicwall didn't have a problem with this setup when enabling the VPN.