-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
SonicPoint provisioning - how to influence the IP address assignment by the Firewall (an exampl
03/26/2020 
19 People found this article helpful
486,156 Views
Description
SonicPoint provisioning - how to influence the IP address assignment by the Firewall (an example of subnetting and alternative SonicPoint ip address allocation)
Resolution
This article aims to provide an explanation to how the SonicWall administrator can influence the IP address assignment by the UTM firewall .
For a guide on "SonicPoint provisioning: how to influence the IP address assignment by the UTM firewall controller", please refer to KB 9345
The SonicWall administrator cannot choose the ip address to be assigned to each and every SonicPoint connected to a WLAN interface, as the provisioning is completed by the firewall controller, which assigns IP addresses to SonicPoints according to the following criteria:
1. the IP address pool is taken from the WLAN network configured on the interface where the SonicPoints are connected;
2. if the WLAN is segmented into VLANs, then the SonicPoint ip addresses are taken from the management network (or native VLAN);
3. the number of ip addresses reserved for the SonicPoints is determined and configurable by means of the "SonicPoint limit" parameter, which is configurable in the WLAN physical interface "General" configuration tab
4. the ip address assigned to the SonicPoints is taken from the slot: [(254 - SonicPoint_limit) to 254] belonging to the given subnet (see points 1 and 2)
Aforementioned criteria are explained with examples and screenshots from the SonicWall SonicOS Enhanced gui in KB 9345.
In KB 9345 an example of provisioning and ip address assignment is shown: after
- configuring data vlan on sub-interfaces belonging to physical interface X4 (10.20.0.1/24);
- choosing SonicPoint Limit = 4 from Network/Interfaces/x4_configure/General_tab;
- linking the SonicPoint behind interface X4;
the SonicPoint N is assigned the first ip address (i.e. 10.20.0.251) in the slot available (10.20.0.251 - 10.20.0.254), this in case he choose to have a WLAN without VLANs (Virtual Access Points).
It is recommendable not to use a SonicPoint Limit number too much greater than the actual number of SonicPoints to connect, in order not to have too many unnecessary ip addresses reserved on the impacted network.
Nevertheless the SonicWall administrator may have already allocated one or more of the ip addresses to resources in the network (server, printers, etc..).
How can then the SonicWall administrator workaround this issue without reconfiguring at IP level the subnet, for a WLAN without VLANs (Virtual Access Points)?
The SonicWall administrator can identify a spot in his subnet free of ip address assignments, large enough to allocate the ip addresses of all SonicPoints on the given subnet.
In this case, we present an example of subnetting and alternative SonicPoint ip address allocation.
Data from case study:
- UTM Appliance: NSA 2400
- WLAN Subnet:10.20.0.0/24
- WLAN X4 ip address:10.20.0.1
- Number of SonicPoints to dedicate to X4: 4
- No Virtual Access Points configured
- ip address slot available on a pre-existing network, for SonicPoints:
- 10.20.0.30 - 60
- 10.20.0.100 - 120
- 10.20.0.230 - 250
Summary and considerations on the Data from case study:
- The UTM NSA 2400 supports up to 32 SonicPoints linked to an interface;
- No Virtual Access Points configured, means no VLANs, meaning that management and data traffic is on 10.20.0.0/24
- Only ip address range 3 can be used to allocate ip addresses for the SonicPoint provisioning, because the ip address assigned to SonicPoints is taken from the slot: [(254 - SonicPoint_limit) - 254] belonging to the given subnet, and since the NSA 2400 supports a maximum of 32 SonicPoints (as in figure below), so the lower ip address than can be allocated in the given subnet is 10.20.0.223 (please refer to KB 9345 for more details).
Case study resolution
- Configuration of 16 SonicPoints from the SonicWall gui (SonicPoint Limit = 16 from Network/Interfaces/x4_configure/General_tab);
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO