When I change the subnet for the LAN interface on a Sonicwall firewall the WAN interfaces go haywire. What...
up vote
0
down vote
favorite
Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.
Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.
Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.
I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.
For example:
Category Message Source Destination
WAN Availability Probing succeeded on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability WLB Resource failed x.x.x.x, 0, X2
WAN Availability WLB Failover in progress x.x.x.x, 0, X2 y.y.y.y, 0, X1
WAN Availability The network connection in use is NAT Static IP y.y.y.y, 0, X1
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource failed y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource is now available y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability WLB Resource is now available x.x.x.x, 0, X2
WAN Availability WLB Failback initiated by preemption due to a more preferred interface being operational y.y.y.y, 0, X1 x.x.x.x, 0, X2
This all happened in the course of about 20 seconds, and would repeat itself.
We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.
If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?
Help?
firewall lan subnet wan
edited Apr 9 '17 at 4:40
fixer1234
17.5k144281
asked Jul 25 '12 at 15:43
Jason Kirby
5713
add a comment |
up vote
0
down vote
favorite
Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.
Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.
Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.
I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.
For example:
Category Message Source Destination
WAN Availability Probing succeeded on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability WLB Resource failed x.x.x.x, 0, X2
WAN Availability WLB Failover in progress x.x.x.x, 0, X2 y.y.y.y, 0, X1
WAN Availability The network connection in use is NAT Static IP y.y.y.y, 0, X1
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource failed y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource is now available y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability WLB Resource is now available x.x.x.x, 0, X2
WAN Availability WLB Failback initiated by preemption due to a more preferred interface being operational y.y.y.y, 0, X1 x.x.x.x, 0, X2
This all happened in the course of about 20 seconds, and would repeat itself.
We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.
If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?
Help?
firewall lan subnet wan
edited Apr 9 '17 at 4:40
fixer1234
17.5k144281
asked Jul 25 '12 at 15:43
Jason Kirby
5713
Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
– Spiff
Jul 26 '12 at 8:49
Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
– Jason Kirby
Jul 31 '12 at 17:12
2
So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
– Jason Kirby
Aug 15 '13 at 0:10
2
Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
– Spiff
Aug 15 '13 at 0:26
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.
Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.
Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.
I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.
For example:
Category Message Source Destination
WAN Availability Probing succeeded on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability WLB Resource failed x.x.x.x, 0, X2
WAN Availability WLB Failover in progress x.x.x.x, 0, X2 y.y.y.y, 0, X1
WAN Availability The network connection in use is NAT Static IP y.y.y.y, 0, X1
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource failed y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource is now available y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability WLB Resource is now available x.x.x.x, 0, X2
WAN Availability WLB Failback initiated by preemption due to a more preferred interface being operational y.y.y.y, 0, X1 x.x.x.x, 0, X2
This all happened in the course of about 20 seconds, and would repeat itself.
We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.
If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?
Help?
firewall lan subnet wan
edited Apr 9 '17 at 4:40
fixer1234
17.5k144281
asked Jul 25 '12 at 15:43
Jason Kirby
5713
Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.
Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.
Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.
I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.
For example:
Category Message Source Destination
WAN Availability Probing succeeded on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability WLB Resource failed x.x.x.x, 0, X2
WAN Availability WLB Failover in progress x.x.x.x, 0, X2 y.y.y.y, 0, X1
WAN Availability The network connection in use is NAT Static IP y.y.y.y, 0, X1
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource failed y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource is now available y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability WLB Resource is now available x.x.x.x, 0, X2
WAN Availability WLB Failback initiated by preemption due to a more preferred interface being operational y.y.y.y, 0, X1 x.x.x.x, 0, X2
This all happened in the course of about 20 seconds, and would repeat itself.
We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.
If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?
Help?
firewall lan subnet wan
firewall lan subnet wan
edited Apr 9 '17 at 4:40
fixer1234
17.5k144281
asked Jul 25 '12 at 15:43
Jason Kirby
5713
edited Apr 9 '17 at 4:40
fixer1234
17.5k144281
asked Jul 25 '12 at 15:43
Jason Kirby
5713
edited Apr 9 '17 at 4:40
fixer1234
17.5k144281
edited Apr 9 '17 at 4:40
fixer1234
17.5k144281
edited Apr 9 '17 at 4:40
fixer1234
17.5k144281
17.5k144281
asked Jul 25 '12 at 15:43
Jason Kirby
5713
asked Jul 25 '12 at 15:43
Jason Kirby
5713
asked Jul 25 '12 at 15:43
Jason Kirby
5713
5713
Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
– Spiff
Jul 26 '12 at 8:49
Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
– Jason Kirby
Jul 31 '12 at 17:12
2
So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
– Jason Kirby
Aug 15 '13 at 0:10
2
Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
– Spiff
Aug 15 '13 at 0:26
add a comment |
Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
– Spiff
Jul 26 '12 at 8:49
Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
– Jason Kirby
Jul 31 '12 at 17:12
2
So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
– Jason Kirby
Aug 15 '13 at 0:10
2
Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
– Spiff
Aug 15 '13 at 0:26
Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
– Spiff
Jul 26 '12 at 8:49
Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
– Spiff
Jul 26 '12 at 8:49
Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
– Jason Kirby
Jul 31 '12 at 17:12
Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
– Jason Kirby
Jul 31 '12 at 17:12
2
2
So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
– Jason Kirby
Aug 15 '13 at 0:10
So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
– Jason Kirby
Aug 15 '13 at 0:10
2
2
Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
– Spiff
Aug 15 '13 at 0:26
Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
– Spiff
Aug 15 '13 at 0:26
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.
answered Jul 28 '12 at 5:18
Force Flow
3,45072238
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.
answered Jul 28 '12 at 5:18
Force Flow
3,45072238
add a comment |
up vote
0
down vote
Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.
answered Jul 28 '12 at 5:18
Force Flow
3,45072238
add a comment |
up vote
0
down vote
up vote
0
down vote
Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.
answered Jul 28 '12 at 5:18
Force Flow
3,45072238
Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.
answered Jul 28 '12 at 5:18
Force Flow
3,45072238
answered Jul 28 '12 at 5:18
Force Flow
3,45072238
answered Jul 28 '12 at 5:18
Force Flow
3,45072238
answered Jul 28 '12 at 5:18
Force Flow
3,45072238
3,45072238
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f453457%2fwhen-i-change-the-subnet-for-the-lan-interface-on-a-sonicwall-firewall-the-wan-i%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
– Spiff
Jul 26 '12 at 8:49
Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
– Jason Kirby
Jul 31 '12 at 17:12
2
So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
– Jason Kirby
Aug 15 '13 at 0:10
2
Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
– Spiff
Aug 15 '13 at 0:26