{"id":1290,"date":"2014-01-23T14:22:31","date_gmt":"2014-01-23T22:22:31","guid":{"rendered":"https:\/\/thebeagle.itgroove.net\/?p=1290"},"modified":"2023-02-24T21:48:35","modified_gmt":"2023-02-24T21:48:35","slug":"sonicwall-site-to-site-vpn-tunnel-countssomething-to-keep-in-mind-when-you-are-sizing-the-firewall","status":"publish","type":"post","link":"https:\/\/regroove.ca\/archive\/2014\/01\/23\/sonicwall-site-to-site-vpn-tunnel-countssomething-to-keep-in-mind-when-you-are-sizing-the-firewall\/","title":{"rendered":"Sonicwall Site-to-Site VPN Tunnel Counts\u2013Something to keep in mind when you are sizing the firewall"},"content":{"rendered":"

Sonicwall firewalls are all capable of supporting site-to-site VPN connections to other firewalls and each firewall model has a specified maximum number of tunnels that it can support.  From 5 tunnels on a TZ105 through to 10,000 on the SuperMassive Series (ooooo, I want one of these for Christmas!!!!), they all work in the same fashion.  For the rest of this discussion I\u2019ll focus on Sonicwall-to-Sonicwall VPN\u2019s but the gist holds true regardless. <\/p>\n

When you create a site-to-site VPN connection (VPN Policy) between Sonicwalls you define the subnets behind each Sonicwall that will be accessible over the VPN connection.  Each Sonicwall needs to understand what subnets are available over the VPN connection from the other Sonicwall.  This is pretty straightforward and it is configured as part of the VPN policy on the Network tab within the Policy itself.  What may be a bit surprising is that the VPN link that is created *might* actually be displayed as more than one VPN tunnel on each Sonicwall.  In essence, there is a “tunnel” created on each Sonicwall between each network on the local Sonicwal that is included in the VPN policy and each network on the remote Sonicwall that is included in the policy.  This means that you might see a whole bunch of tunnels listed on a Sonicwall when you might only have one site-to-site VPN Policy in place between two Sonicwalls with multiple networks involved on each side of the VPN.  This is important to keep in mind as it is the total number of tunnels <\/em><\/strong>that you need to track; it is this number that you have to line up against the maximum<\/em> number of tunnels that a given Sonicwall model supports.  You can end up with no where to go and your cap in hand having to beg for more money for a bigger firewall if you don\u2019t plan your capacity correctly. <\/p>\n

Case in point:  I have a customer that has 4 locations;  there are now four Sonicwalls in place; one in Victoria, one in Richmond, one in Nanaimo and one at the owner\u2019s house.  From the point of view of Victoria (main office with a NSA 250MW) that means there are three VPN policies in place, one to each of the remote sites and that is indicated in the VPN Policies listing: <\/p>\n

\"image\"<\/a> <\/p>\n

But, as you can see, two of those sites have multiple networks that are available across the VPN; Richmond has three and Nanaimo has two.  Keep in mind that Victoria offers up two networks across the VPN back to all the other sites and you can do the math.  There should be: <\/p>\n