

Increase network size on SonicWall NSA 220

Posted on 2014-08-06
Medium Priority
Last Modified: 2014-08-08
I have a SonicWall NSA 220.  I inherited the current network ip scheme of 10.30.5.x/

Our office is expanding and I need more IP address availability. I would like to also segregate some items, such as IP phones to their own segment.

Can I simply change the netmask to  And then start using 10.30.10.x addresses for the phones? The SonicWall currently handles DHCP but DNS is on a couple 10.30.5.x domain controllers.

Question by:ScotSunnergren
LVL 22

Accepted Solution

Nick Rhode earned 1000 total points
ID: 40243996
Yes, but you probably don't want to leave open that many subnets.  What I usually do is have a few subnets and separate my network to make it easier to identify.


Sub: (gives me 7 subnets) = Static and network equipment = IP phones = DHCP


Author Comment

ID: 40244010
Thank you.

But when I try to change the subnet mask for the X0 interface, which is where I assume I need to do this, I get...

Status: Error: Index of the interface.: This interface is used by SSL VPN IP Pool  

Why would that prevent me changing it? My NetExtender start and end IPs are within the original 10.30.5.x range...
LVL 22

Expert Comment

by:Nick Rhode
ID: 40244051
Most likely you would have to adjust the pool for your VPN users.  I assume you have the VPN set up to receive an IP address from the router when a VPN client establishes a connection.  I cannot remember all the settings off the top of my head, but you could contact SonicWall support and they would be able to guide you through the process.


Assisted Solution

active8it earned 1000 total points
ID: 40244113
The SonicWall, if like other devices, won't allow the change of the 10.3.5.x to a different mask when other features such as the VPN are using the same subnet, as it would still be trying to use the /24 mask, which won't work in conjunction with /16.

And yes, I agree with Nick. I imagine if you temporarily change the VPN pool to say, swap your mask to /16 on the 10.30.5.x LAN segment, it will probably work OK; then swap the VPN pool back to, say, 10.30.30.x/16 and it will save OK. In theory, as you will be on /16, 10.30.5.x and 10.30.30.x are the same subnet, but the numbers give some differentiation.
LVL 26

Expert Comment

by:Fred Marshall
ID: 40244148
I can't tell the difference between the X0 interface and the 5 apparent other "LAN" interfaces.  If it has VLAN capabilities then that might explain this but I could not find a manual for the NSA 220.  X0 almost looks like a console type port even though it's labeled as LAN.  A link to the manual would help.

You have two objectives so I'll address them separately:

1) to increase the number of available IP addresses on the LAN, consider this:
If you change the subnet mask on the router/DHCP server to, this will increase the subnet by a factor of 2 from 254 usable addresses to 510 usable addresses.  The new network address will be and the new addresses will be to
The broadcast address will remain at - which in some sense is a good thing.
You will probably have to change the subnet base address manually but likely nothing else.
Then, you will need to transition the subnet masks being used on all the devices but actually they may work within the to range of addressed devices just fine before that change is made.  So disruption could be minimized.  I'd change the critical devices first nonetheless.

2) Separate subnets for phones, etc?
If the NSA 220 will provide VLANs then you could set up a VLAN for the phones.  It would have a separate IP address range and would need its own DHCP server unless the SonicWall will do that or unless everything in the phone system has a static IP, etc.

As far as interfering with current VPN settings, it would be good to know what the settings are now.  I would not mess around with the VPN settings simply to avoid a project that you may not be prepared to handle.  Presumably it's working and is needed all the time.
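
An added example, not part of the original thread: a Python check, using the standard `ipaddress` module, that compares the X0 subnet before and after a mask change and reports whether other address ranges stay separate from it. The gateway address 10.30.5.1, the /23 prefix (inferred from the 254-to-510 figure above) and the /24 sizes of the phone and VPN ranges are assumptions.

```python
import ipaddress

# Constructed sample ranges: the thread only gives 10.30.10.x and 10.30.30.x;
# the /24 sizes are assumed for illustration.
RANGES = {"phones": "10.30.10.0/24", "sslvpn_pool": "10.30.30.0/24"}


def plan_mask_change(host_ip, old_prefix, new_prefix, ranges):
    """Compare an interface subnet before and after a prefix-length change.

    ranges maps a label to the CIDR of another address block that should be
    checked against the new subnet (VPN pool, phone range, ...).
    """
    old = ipaddress.ip_interface(f"{host_ip}/{old_prefix}").network
    new = ipaddress.ip_interface(f"{host_ip}/{new_prefix}").network
    report = {
        "old_network": str(old),
        "new_network": str(new),
        "usable_old": old.num_addresses - 2,  # minus network and broadcast
        "usable_new": new.num_addresses - 2,
        "network_address_moves": old.network_address != new.network_address,
        "broadcast_moves": old.broadcast_address != new.broadcast_address,
        "ranges": {},
    }
    for name, cidr in ranges.items():
        block = ipaddress.ip_network(cidr)
        if block.subnet_of(new):
            # On-link: hosts talk directly at layer 2, not via the firewall.
            status = "same-subnet"
        elif block.overlaps(new):
            # The block contains the whole new subnet: a routing conflict.
            status = "overlap"
        else:
            status = "separate"
        report["ranges"][name] = status
    return report


if __name__ == "__main__":
    for prefix in (23, 16):
        print(prefix, plan_mask_change("10.30.5.1", 24, prefix, RANGES))
```

Under /16 both ranges report `same-subnet`: phones on 10.30.10.x would share the LAN's broadcast domain, so traffic between them and the PCs never crosses the firewall and no access rule can be applied to it. Segregating the phones requires a separate interface or VLAN with its own subnet.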

Author Closing Comment

ID: 40248696
Thank you all. It appears that the SonicWall does not like you to change the underlying mask when the SSLVPN is attached to it. I ended up having to wait for the users to be off, create a new subnet on a spare port, change the SSLVPN address pool to that, modify the X0 mask, and then change the SSLVPN pool back. Actually only took a couple minutes.

I did find that one of my static ip assignments no longer worked when I was done. The DHCP server automatically picked up the subnet change and modified all of them but on one device, when I did a release/renew, it would not find the DHCP server and gave a 169 address. Restarting the SonicWall corrected this issue.

Thanks again.
