Datto Networking Appliance (DNA): How do I configure my firewall for compatibility with Site-to-Site VPN on the Datto DNA?



How do I configure my firewall for compatibility with the Datto Networking Appliance's Site-to-Site VPN feature?


  • Datto Networking Appliance (DNA)
  • Site-to-Site VPN


Use the following settings to configure your firewall. The examples shown use a Sonicwall device; certain settings may be named differently or appear in different areas of the UI depending on the brand of device used in your environment.


  • Policy Type: Select Site to Site
  • Authentication Method: Select IKE using Preshared Secret
  • Name: Use the internal IP address of the DNA
  • IPsec Primary Gateway Name or Address: Enter the primary gateway name or address used in your environment
  • Shared SecretEnter the IKE Authentication Shared Secret key
  • Local IKE ID Peer IKE ID: Enter the address scheme and IDs for both values

Figure 1: General settings as shown on a Sonicwall router

Figure 2: Network settings as shown on a Sonicwall router


  • IKE (Phase 1)
    • Exchange: Main Mode
    • DH Group: Group 14
    • Encryption: AES-128
    • Authentication: SHA1
    • Life Time (seconds): 28800

  • IPsec (Phase 2)
    • Protocol: ESP
    • Encryption: AES-128
    • Authentication: SHA1 - enable Perfect Forward Secrecy
    • DH Group: Group 14
    • Lifetime (seconds): 28800

Figure 3: Proposals settings as shown on a Sonicwall router


  • Keep Alive: Enabled
  • VPN Policy bound to: Select Interface X2.

Figure 4: Advanced settings as shown on a Sonicwall router


Additional Resources

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Datto Community Forum or the Datto Community Online.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Still have questions? Get live help.

Datto Homepage