How to configure SonicWall SD-WAN
ฝัง
- เผยแพร่เมื่อ 21 ส.ค. 2024
- this video is a technical video on how to setup and configure the SonicWall SD-WAN features.
in this video VPN were created as tunnel interface VPN. here is the video on how to setup that VPN: • How to configure Tunne...
Microsoft KB on recommended latency, jitter and packet lost from the edge of your network (your firewall) to them:
docs.microsoft...
Microsoft KB listing external IP and FQDN used for Office 365: docs.microsoft...
3rd party Wan Emulator I have use: wanem.sourcefor...
Next time please draft network diagram for more clarify. (for newbies)
Your content is 100% professional and educational
Another great one JP! All my questions answered! Would you happen to have a video on Sonicwall logs,? Understanding, configuring, and using to troubleshoot? I find them very confusing. I know there is an admin guide. Confusing as well. Thanks!
Jean-Pier, thanks for the tips.
Hii Jean ....I Loved your videoso so so so much i am working in sonicwall from few months and i have learnt 100 times more from this video than i had learnt in last couple of months ..I have a request ..please make more videos on SDWAN 2.0 features .....How to send and check FTP traffic ...Also please mention difference between numbered and unmumbered tunnels and whats the difference between two.............
Thanks In Advance.....
Thanks!
Yes I do plan on keep doing videos!
Fun fact, I didn’t know the difference between numbered and unnumbered tunnel interface when I did the video. I only knew one way of doing them…
Yes one day I’ll do a video on those 2 tunnel interface vpn
Thank you for the videos! How does SDWAN work with Load Balancing (or should they not be used together)? Is Failover/load balancing the default and sdwan takes over when rules are tripped? I am looking for best practices for WAN connections.
Hum, good one. What are you trying to achieve? I’m trying to find a use case fit it
Should I abandon lb/fail over groups in favor of sd wan for my two wan connection ?
Intresting. Thank you.
Hi, learned a lot from this video! When I read about SDWAN, it always mentions simple deployment and centralized management. If you have 10 sites and you have to create all these policies on each site, how do you automate this so it's centrally managed? Is it possible to have one location to create policies and it gets pushed to all the other Sonicwalls?
Thanks Ken! Glad you learned a lot with my videos!
Yes NSM has a SDWAN thing to do what you want. To be honest, I never tried it. It would require me multiple firewall each having multiple ISP. That would be a pretty big/cable messy lab :-)
@@JeanPierTalbot thank you for taking time to reply! I'll look into NSM!
Hi Sir Jean,
Good Day. I just want to say thank you for all of your vides regarding SonicWall since a new guy here.
May I also know if SonicWall has an ISO image where i can use it in virtual box or vmware for training purposes?
Thank you so muchhhh Sir
Thanks for the feedback.
Yes you can download a 30 days trial if the virtual firewall for hyper-V or ESXi
Man, I wish I had his hair. NOICE
LOL give me your address, I’ll ship you a few
Thanks for your content
I want to ask that what is the process for configuring route based vpn for multiple sites (more than two ).
It’s the same process, a second time for a second site
can you have IPsec VPN (site to site) and tunnel route VPN at the same time? or will this cause issues and take down the IPsec site to site that is using the same IPs? or cause route loop issues?
Started with Failover for two WAN connections. Since adding SD-WAN between branches, should Failover be disabled and an SD-WAN profile and route be created instead for LAN to WAN internet access to switch to the secondary in case the primary fails? What happens to SD-WAN traffic when the primary WAN fails and the Sonciwall switches to the failover interface?
Hum. Good one. Are you using SDWAN for ALL traffic going to the wan? In the video I use it only for office 365 (or maybe just teams, I don’t recall) in that case, SDWAN only applied to office 365. So I would keep the failover setting for everything else.
@@JeanPierTalbot Thanks for the reply. Not using SDWAN for all LAN to WAN traffic, just one cloud app like your example. Question is, does Fail Over conflict with SDWAN? I am wondering if both should be used together or if SDWAN should replace Failover.
@@KT-hx2ul I dont see SDWAN replacing the global failover setting. SDWAN will kickin for the specific stuff you have set and everything else will fall under the basic failover.
I also see that there is a limitation only 1 SDWAN can be created.. if you create one for ZOOM (using both intefaces) you cannot build another SD-WAN say for exchange, the Interfaces are no longer available as they are now only used by zoom. which we use very little so i will be removing zoom . Is there no way to build multiple SD-WANS? if not then this probably answers my question below, as a IPSEC replacement because do have multiple IPsec VPNs
You can have interfaces only in one SD-WAN group, yes. But you CAN create multiple SD-WAN policies using the same group of Sdwan interfaces.
@@JeanPierTalbot but trying to build a site to site networks sdwan will not replace ipsec site to site. When you need all 5 offices talking to one another
i like your videos, but i have a small problem maybe you can help, i have two sites with two sonicwall both connecting to the isp on x1 and i have a wireless link between the two sonic wall on x4 how can i make a failover of the internet when it is down passing the traffic over the wireless link to get the internet from the other site
You would need to create 2 vlans in your wireless link. One for each wan to bring isp1 to site 2 and isp2 to site one. Then create isp1 vlan as wan on firewall 2 and isp2 on vlan as a wan on firewall1
Hi Jean!
Whats the difference betwen Site to Site vpn and tunnel interface?
They are pretty much the same. Both are a site to site vpn using same encryption. Tunnel interface, as the name states, the vpn is an interface. Giving you more flexibility in regards of static/dynamic routing and SDWAN. Where standard vpn can’t participate in those.
Hi Jean, can I configure route based VPN in SDWAN without having a static or public IP's. thanks and more power!
Yes you can do VPNs with dynamic ip. I have seen many setup where the remote location has a dynamic IP and the head office has a static. It works great if it’s the remote location users that needs to access ressources in the head office. So the firewall with the dynamic ip is the one initiating a vpn to the fix it.
And yes you can add SDWAN on top
Is it possible to create an SD-WAN with a public IP from site A and a router IP from site B?
I’m not fully sure what you are trying to achieve, but if you want SDWAN to check which internet line is the best to reach an external ip, it can be done. It will be similaire to the portion I did on teams.
Do you have to use Route based VPN's for SD-WAN or can you use your existing IPSEC tunnels?
it's not something I have tested. but I believe SDWAN will not work with standard VPN.
SDWAN needs 2 or more routes to get to the same destination.
I believe you cannot do 2 standard VPN going to the same place.
so that might require to switch to tunnel interface.
@@JeanPierTalbot okay. Thank you. I'll have to figure out what that change entails
@@cavj1111 backup the config on both firewall, delete the standard VPN and create a tunnel interface VPN. if that does not work and you are out of time, restore the configs you saved...
is it possible to create ipsec tunnel on sd-wan to fortigate on the other end ?
I am facing a problem where the automatic prob goes up but gets 100% packet loss, outside the SD-WAN the tunnel is up
Never tried it. I usually remove the fortinet in my day to day job :-)
Not sure it will work. You need to create 2 or more tunnel interface VPN. Not sure how/if you can do that on fortinet.
If you can get the fortinet to build tunnel interface vpns, then you can get SDWAN to route traffic on those vpn interfaces.
Hi Jean
How to connect two sites with overlapping networks , eg: Xo & x2 networks are same on both firewalls
thx
Best would be to change subnet so they don’t overlap anymore. Otherwise you can do 1 to 1 NAT in your tunnel
So if the subset is 192.168.1.0 on both side, you will kind of have a fake subnet in the VPN. So when you ping 10.10.10.123, it will be NATed to 192.168.1.123
Hello Jean.. Can you make a video on CLI operation
Yeah, I could. Eventually. Working on a few videos now: capture atp and wireless
@@JeanPierTalbot great
AT 10:49 of the video why are my links not coming up at this point?
Sir Can we configure the Split tunnel in sonicwall NSa4650. scenario is site to site vpn is confgured (with nat of lan subnet. Bcoz Lan subnet both side are same. like (site a x.x.0.0/16 and site x.x.0.0/16 ) so why we have nat these subnet. now when server need to internet, server is not able to access the internet. we have some server for patch or software updation needed.
Hi Raj!
You definitely can do split tunnel on site to site vpn. If you edit you vpn, under network menu you will see what networks are connected.
If I had to take a guess, I would bet the issue is your NAT and that it also takes traffic that destination is the WAN into your site to site vpn NAT rule. Ensure no objects contains 0.0.0.0. (That’s for tunnel all)
That’s something you can call support about. They are amazing. Wait time is pretty much always less than 5 minutes.
Can we do SDWan for the P2P links?
Yes, that’s what I do in this vifeo
How can I contact you?
Email is visible on my monitor at the very beginning of the video.