Increase network size on SonicWall NSA 220

Posted on 2014-08-06
Last Modified: 2014-08-08
I have a SonicWall NSA 220.  I inherited the current network ip scheme of 10.30.5.x/

Our office is expanding and I need more IP address availability. I would like to also segregate some items, such as IP phones to their own segment.

Can I simply change the netmask to  And then start using 10.30.10.x addresses for the phones? The SonicWall currently handles DHCP but DNS is on a couple 10.30.5.x domain controllers.

Question by:ScotSunnergren
    LVL 22

    Accepted Solution

    Yes, but you probably dont want to leave open that many subnets.  What I usually do is have a few subnets and seperate my network to make it easier to identify.


    Sub: (gives me 7 subnets) = Static and network equipment = IP phones = DHCP


    Author Comment

    Thank you.

    But when I try to change the subnet mask for the XO Interface, which is where I assume I need to do this, I get...

    Status: Error: Index of the interface.: This interface is used by SSL VPN IP Pool  

    Why would that prevent me changing it? My NetExtender start and end ips are within the original 10.30.5.x range...
    LVL 22

    Expert Comment

    by:Nick Rhode
    Most likely you would have to adjust the pool for your VPN users.  I assume you have the VPN setup to recieve an IP address from the router with a VPN client establishes a connection.  I cannot remember all the settings off the top of my head but you could contact sonicwall support and they would be able to guide you through the process.
    LVL 2

    Assisted Solution

    the sonicwall if like other devices wont allow the change of the 10.3.5.x to a different mask when other features such as the vpn are using the same subnet as it would still be trying to use the /24 mask which wont work in conjuction with /16.

    And yes i agree with Nick, i imagine if you temp change the vpn pool to say, swap your mask to /16 on the 10.30.5.x lan segment it will probably work ok, then swap the vpn pool back to say 10.30.30.x/16 it will save ok. In theory as you will be on /16 10.30.5.x and 10.30.30.x are the same subnet but the numbers give some differentiation.
    LVL 25

    Expert Comment

    by:Fred Marshall
    I can't tell the difference between the X0 interface and the 5 apparent other "LAN" interfaces.  If it has VLAN capabilities then that might explain this but I could not find a manual for the NSA 220.  X0 almost looks like a console type port even though it's labeled as LAN.  A link to the manual would help.

    You have two objectives so I'll address them separately:

    1) to increase the number of available IP addresses on the LAN, consider this:
    If you change the subnet mask on the router/DHCP server to, this will increase the subnet by a factor of 2 from 254 usable addresses to 510 usable addresses.  The new network address will be and the new addresses will be to
    The broadcast address will remain at - which in some sense is a good thing.
    You will probably have to change the subnet base address manually but likely nothing else.
    Then, you will need to transition the subnet masks being used on all the devices but actually they may work within the to range of addressed devices just fine before that change is made.  So disruption could be minimized.  I'd change the critical devices first nonetheless.

    2) Separate subnets for phones, etc?
    If the NSA 220 will provide VLANs then you could set up a VLAN for the phones.  It would have a separate IP address range and would need it's own DHCP server unless the Sonicwall will do that or unless everything in the phone system has a static IP, etc.

    As far as interfering with current VPN settings, it would be good to know what the settings are now.  I would not mess around with the VPN settings simply to avoid a project that you may not be prepared to handle.  Presumably it's working and is needed all the time.

    Author Closing Comment

    Thank you all. It appears that the SonicWall does not like you to change the underlying mask when he SSLVPN is attached to it. I ended up having to wait for the users to be off, created a new subnet on a spare port, change the SSLVPN address pool to that, modify the X0 mask, and then change the SSLVPN pool back. Actually only took a couple minutes.

    I did find that one of my static ip assignments no longer worked when I was done. The DHCP server automatically picked up the subnet change and modified all of them but on one device, when I did a release/renew, it would not find the DHCP server and gave a 169 address. Restarting the SonicWall corrected this issue.

    Thanks again.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now