When I change the subnet for the LAN interface on a Sonicwall firewall the WAN interfaces go haywire. What...











up vote
0
down vote

favorite












Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.



Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.



Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.



I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.



For example:




Category Message Source Destination
WAN Availability Probing succeeded on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability WLB Resource failed x.x.x.x, 0, X2
WAN Availability WLB Failover in progress x.x.x.x, 0, X2 y.y.y.y, 0, X1
WAN Availability The network connection in use is NAT Static IP y.y.y.y, 0, X1
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource failed y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource is now available y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability WLB Resource is now available x.x.x.x, 0, X2
WAN Availability WLB Failback initiated by preemption due to a more preferred interface being operational y.y.y.y, 0, X1 x.x.x.x, 0, X2



This all happened in the course of about 20 seconds, and would repeat itself.



We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.



If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?



Help?










share|improve this question
























  • Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
    – Spiff
    Jul 26 '12 at 8:49










  • Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
    – Jason Kirby
    Jul 31 '12 at 17:12






  • 2




    So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
    – Jason Kirby
    Aug 15 '13 at 0:10






  • 2




    Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
    – Spiff
    Aug 15 '13 at 0:26















up vote
0
down vote

favorite












Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.



Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.



Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.



I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.



For example:




Category Message Source Destination
WAN Availability Probing succeeded on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability WLB Resource failed x.x.x.x, 0, X2
WAN Availability WLB Failover in progress x.x.x.x, 0, X2 y.y.y.y, 0, X1
WAN Availability The network connection in use is NAT Static IP y.y.y.y, 0, X1
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource failed y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource is now available y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability WLB Resource is now available x.x.x.x, 0, X2
WAN Availability WLB Failback initiated by preemption due to a more preferred interface being operational y.y.y.y, 0, X1 x.x.x.x, 0, X2



This all happened in the course of about 20 seconds, and would repeat itself.



We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.



If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?



Help?










share|improve this question
























  • Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
    – Spiff
    Jul 26 '12 at 8:49










  • Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
    – Jason Kirby
    Jul 31 '12 at 17:12






  • 2




    So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
    – Jason Kirby
    Aug 15 '13 at 0:10






  • 2




    Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
    – Spiff
    Aug 15 '13 at 0:26













up vote
0
down vote

favorite









up vote
0
down vote

favorite











Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.



Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.



Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.



I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.



For example:




Category Message Source Destination
WAN Availability Probing succeeded on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability WLB Resource failed x.x.x.x, 0, X2
WAN Availability WLB Failover in progress x.x.x.x, 0, X2 y.y.y.y, 0, X1
WAN Availability The network connection in use is NAT Static IP y.y.y.y, 0, X1
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource failed y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource is now available y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability WLB Resource is now available x.x.x.x, 0, X2
WAN Availability WLB Failback initiated by preemption due to a more preferred interface being operational y.y.y.y, 0, X1 x.x.x.x, 0, X2



This all happened in the course of about 20 seconds, and would repeat itself.



We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.



If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?



Help?










share|improve this question















Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.



Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.



Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.



I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.



For example:




Category Message Source Destination
WAN Availability Probing succeeded on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability WLB Resource failed x.x.x.x, 0, X2
WAN Availability WLB Failover in progress x.x.x.x, 0, X2 y.y.y.y, 0, X1
WAN Availability The network connection in use is NAT Static IP y.y.y.y, 0, X1
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing succeeded on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource failed y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability Probing failure on NAT Static IP y.y.y.y, 0, X1 4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability WLB Resource is now available y.y.y.y, 0, X1
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability Probing failure on NAT Static IP x.x.x.x, 0, X2 4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability WLB Resource is now available x.x.x.x, 0, X2
WAN Availability WLB Failback initiated by preemption due to a more preferred interface being operational y.y.y.y, 0, X1 x.x.x.x, 0, X2



This all happened in the course of about 20 seconds, and would repeat itself.



We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.



If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?



Help?







firewall lan subnet wan






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 9 '17 at 4:40









fixer1234

17.7k144581




17.7k144581










asked Jul 25 '12 at 15:43









Jason Kirby

5713




5713












  • Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
    – Spiff
    Jul 26 '12 at 8:49










  • Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
    – Jason Kirby
    Jul 31 '12 at 17:12






  • 2




    So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
    – Jason Kirby
    Aug 15 '13 at 0:10






  • 2




    Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
    – Spiff
    Aug 15 '13 at 0:26


















  • Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
    – Spiff
    Jul 26 '12 at 8:49










  • Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
    – Jason Kirby
    Jul 31 '12 at 17:12






  • 2




    So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
    – Jason Kirby
    Aug 15 '13 at 0:10






  • 2




    Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
    – Spiff
    Aug 15 '13 at 0:26
















Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
– Spiff
Jul 26 '12 at 8:49




Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22?
– Spiff
Jul 26 '12 at 8:49












Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
– Jason Kirby
Jul 31 '12 at 17:12




Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see.
– Jason Kirby
Jul 31 '12 at 17:12




2




2




So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
– Jason Kirby
Aug 15 '13 at 0:10




So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly.
– Jason Kirby
Aug 15 '13 at 0:10




2




2




Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
– Spiff
Aug 15 '13 at 0:26




Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore.
– Spiff
Aug 15 '13 at 0:26










1 Answer
1






active

oldest

votes

















up vote
0
down vote













Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f453457%2fwhen-i-change-the-subnet-for-the-lan-interface-on-a-sonicwall-firewall-the-wan-i%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.






    share|improve this answer

























      up vote
      0
      down vote













      Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.






      share|improve this answer























        up vote
        0
        down vote










        up vote
        0
        down vote









        Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.






        share|improve this answer












        Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jul 28 '12 at 5:18









        Force Flow

        3,45072238




        3,45072238






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f453457%2fwhen-i-change-the-subnet-for-the-lan-interface-on-a-sonicwall-firewall-the-wan-i%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Сан-Квентин

            8-я гвардейская общевойсковая армия

            Алькесар