Install SonicWall Cloud Secure Edge Connector using Docker

Install the Connector on a server running Docker

  • Updated on Aug 13, 2024

Installing the Connector via Docker desktop on mac is currently not supported. We are actively working on providing this soon.

Steps

Install the Connector via the following four steps.

Step 1. Register your Connector

1.1 Log into the Command Center, and navigate to Networks > Connectors.

1.2 Select + Create Connector, and configure the required parameters when going through the installation wizard. An existing API key is required; these should appear in the dropdown menu of the API Key field on the Configure tab. If you don’t have an existing API key, navigate to Settings > API Keys and generate an API key with an satellite scope.

1.3 Take note of the installation parameters for use in subsequent sections.

Network Reachability
  1. The Connector needs to be able to connect outbound to the internet; it does not need any inbound open ports to operate correctly.

  2. Ensure that the Connector server can make an outbound HTTPS connection via port 443 to the Command Center. The Connector does this to register itself and receive its configuration parameters, by making API calls to https://{ccname}.console.banyanops.com/api/v1/….

  3. Ensure that the Connector can make an outbound UDP connection to the Global Edge Network. The Connector will pick a port(s) in the range 40000 - 44000 to set up WireGuard tunnels with the Edge Network.

  4. Ensure your networking policies allow traffic to flow from the Connector server to backend machines running the applications and services you need to secure access to.

Set Environment Variables

Before you start the Connector Docker container, set the environment variables that specify how it should connect to the Command Center so it can register itself and receive its configuration.

export COMMAND_CENTER_URL=				# Banyan Command Center, such as https://net.banyanops.com
export API_KEY_SECRET=						# secret API Key associated with your Connector
export CONNECTOR_NAME=						# name of your Connector
Run the container
sudo -E docker run --name clar-t --privileged --pull always \
--restart unless-stopped \
--cap-add=NET_ADMIN -e COMMAND_CENTER_URL -e API_KEY_SECRET \
-e CONNECTOR_NAME -d gcr.io/banyan-pub/connector:1.18.0

If your machine needs root privilege to run docker via the sudo command, remember to add -E so your environment variables get passed through. Your command will then look like sudo -E docker run ...

The Connector leverages WireGuard to set up secure tunnels. The Docker container needs to be run in privileged mode with the NET_ADMIN capability to configure networking correctly.

Confirm Connectivity

If the output display is Failure, ensure that your network is configured to allow connections as detailed in the pre-install checklist above, and then re-run the Install command.

sudo docker logs <Connector Name> | grep -q "TCP connection.*succeeded" && echo "Success" || echo "Failed"

Once the Connector is running, you can check its logs using docker logs to ensure it is functioning as expected.

In the Networks > Connectors section of the Command Center to see the list of all the registered Connectors. Verify the status of your Connector there.

Connector Status