How do I configure my firewall for compatibility with Site-to-Site VPN on the Datto DNA?

Question

How do I configure my firewall for compatibility with the Datto Networking Appliance's Site-to-Site VPN feature?

Environment

  • Datto Networking Appliance (DNA)
  • Site-to-Site VPN

Answer

Use the following settings to configure your firewall. The examples shown use a Sonicwall device; certain settings may be named differently or appear in different areas of the UI depending on the brand of device used in your environment.

General

  • Policy Type: Select Site to Site
  • Authentication Method: Select IKE using Preshared Secret
  • Name: Use the internal IP address of the DNA
  • IPsec Primary Gateway Name or Address: Enter the primary gateway name or address used in your environment
  • Shared Secret: Enter the IKE Authentication Shared Secret key
  • Local IKE ID / Peer IKE ID: Enter the address scheme and IDs for both values

Figure 1: General settings as shown on a Sonicwall router

Figure 2: Network settings as shown on a Sonicwall router

Proposals

  • IKE (Phase 1)
    • Exchange: Main Mode
    • DH Group: Group 14
    • Encryption: AES-128
    • Authentication: SHA1
    • Life Time (seconds): 28800

  • IPsec (Phase 2)
    • Protocol: ESP
    • Encryption: AES-128
    • Authentication: SHA1
    • Enable Perfect Forward Secrecy
    • DH Group: Group 14
    • Lifetime (seconds): 28800

Figure 3: Proposals settings as shown on a Sonicwall router
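
Because other devices name these settings differently, the following added example (not Datto's or SonicWall's code) normalizes a peer's Phase 1 and Phase 2 values and lists any that differ from the Proposals above. The alias spellings it accepts and the `PEER` sample are constructed assumptions.

```python
import re

# Values the article lists for the tunnel (Proposals section).
REQUIRED = {
    "ike":   {"exchange": "main", "dh": 14, "enc": "aes128", "auth": "sha1", "life": 28800},
    "ipsec": {"protocol": "esp", "enc": "aes128", "auth": "sha1", "pfs": True,
              "dh": 14, "life": 28800},
}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600}  # lifetime suffixes (assumed spellings)

def norm(key, value):
    """Reduce one vendor-specific spelling to the canonical form used in REQUIRED."""
    text = str(value).strip().lower()
    if key == "pfs":
        return text in ("true", "yes", "on", "enabled")
    if key == "dh":  # "Group 14", "dh14", "14", or the 2048-bit MODP name
        m = re.search(r"(\d+)$", text)
        return 14 if text == "modp2048" else int(m.group(1)) if m else text
    if key == "life":  # seconds, or a value with an s/m/h suffix
        m = re.fullmatch(r"(\d+)\s*([smh]?)", text)
        return int(m.group(1)) * UNITS[m.group(2)] if m else text
    if key == "exchange":
        return text.replace("mode", "").strip()
    # enc / auth / protocol: drop separators, an "hmac" prefix, a "cbc" or "96" suffix
    text = re.sub(r"^hmac", "", re.sub(r"[-_ ]", "", text))
    return re.sub(r"(cbc|96)$", "", text)

def mismatches(peer):
    """Return (phase, key, required, found) for every setting that differs."""
    out = []
    for phase, wanted in REQUIRED.items():
        for key, want in wanted.items():
            raw = peer.get(phase, {}).get(key)
            if raw is None or norm(key, raw) != want:
                out.append((phase, key, want, raw))
    return out

# Constructed sample peer: different spellings throughout, two real mismatches.
PEER = {
    "ike":   {"exchange": "Main Mode", "dh": "modp2048", "enc": "AES-128",
              "auth": "hmac-sha1", "life": "8h"},
    "ipsec": {"protocol": "ESP", "enc": "aes-256-cbc", "auth": "SHA-1",
              "pfs": "disabled", "dh": "Group 14", "life": 28800},
}

if __name__ == "__main__":
    for phase, key, want, found in mismatches(PEER):
        print(f"{phase}.{key}: article specifies {want!r}, peer has {found!r}")
```
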

Advanced

  • Keep Alive: Enabled
  • VPN Policy bound to: Select Interface X2.

Figure 4: Advanced settings as shown on a Sonicwall router
