When I change the subnet for the LAN interface on a Sonicwall firewall the WAN interfaces go haywire. What should I do?

0

Our company's old subnet was 255.255.255.0. To adjust for growth we decided to implement a 255.255.248 subnet.

Upon changing this in our Sonicwall's LAN interface, our WAN connections quit working normally. We have 2 WAN connections, one used for outgoing traffic and the other for incoming traffic. The second is also setup as the failover for the first.

Pinging anything whether inside or outside the network would return handfuls of packets and then deny everything for minutes before returning another handful of packets.

I don't know that it's the WAN ports that were at fault, but they are what show up in the error log.

For example:

Category            Message                                     Source              Destination
WAN Availability    Probing succeeded on NAT Static IP          x.x.x.x, 0, X2      4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability    WLB Resource failed                         x.x.x.x, 0, X2  
WAN Availability    WLB Failover in progress                    x.x.x.x, 0, X2      y.y.y.y, 0, X1
WAN Availability    The network connection in use is NAT Static IP  y.y.y.y, 0, X1  
WAN Availability    Probing succeeded on NAT Static IP          y.y.y.y, 0, X1      4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability    Probing succeeded on NAT Static IP          y.y.y.y, 0, X1      4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability    WLB Resource failed                         y.y.y.y, 0, X1  
WAN Availability    Probing failure on NAT Static IP            y.y.y.y, 0, X1      4.2.2.2, 53, X1, b.resolvers.Level3.net
WAN Availability    Probing failure on NAT Static IP            y.y.y.y, 0, X1      4.2.2.1, 0, X1, a.resolvers.level3.net
WAN Availability    WLB Resource is now available               y.y.y.y, 0, X1  
WAN Availability    Probing failure on NAT Static IP            x.x.x.x, 0, X2      4.2.2.1, 53, X2, a.resolvers.level3.net
WAN Availability    Probing failure on NAT Static IP            x.x.x.x, 0, X2      4.2.2.2, 0, X2, b.resolvers.Level3.net
WAN Availability    WLB Resource is now available               x.x.x.x, 0, X2  
WAN Availability    WLB Failback initiated by preemption due to a more preferred interface being operational    y.y.y.y, 0, X1  x.x.x.x, 0, X2

This all happened in the course of about 20 seconds, and would repeat itself.

We were told it was a cabling issue when talking with Sonicwall Support, but can't find where we might have double up any of the cabling. I also wonder why we wouldn't have the same problem on the 255.255.255.0 subnet.

If there was a NIC with two IPs in the same subnet somewhere would that cause what we're seeing?

Help?

Jason Kirby

Posted 2012-07-25T15:43:36.077

Reputation: 57

Does Sonicwall claim your device should support private subnets as large as a /21? Does it work again if you go back to your /24? What happens with a /23 or a /22? – Spiff – 2012-07-26T08:49:49.983

Yes, they were as confused as we were when everything went haywire. It works fine when we go back to /24. Will try /23 and see. – Jason Kirby – 2012-07-31T17:12:24.160

2So it turns out there was a Cisco device causing a network storm. Upon reconfiguring the device the change to the subnet worked flawlessly. – Jason Kirby – 2013-08-15T00:10:31.860

2Thanks for the followup Jason. On SuperUser, when you solve your own problem, it works best if you put your own solution as an Answer and then accept (click the check mark next to) your own Answer. That way it doesn't show up as an open question anymore. – Spiff – 2013-08-15T00:26:38.540

Answers

1

Since you have two WANs in place, under the Network section, check NAT Policies and Routing. I'm guessing that the subnets might be specified there for routing specific traffic to and from the LANs and WANs.

Force Flow

Posted 2012-07-25T15:43:36.077

Reputation: 3 850

Asked: 2012-07-25T15:43:36.077

Viewed: 6 035 times

Active: 2019-12-31T13:03:35.487