-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Understanding Static IP Addressing with Static Pools
03/26/2020 
159 People found this article helpful
485,090 Views
Description
Understanding Static IP Addressing with Static Pools
Resolution
The following is a brief description of what happens when static IP addressing occurs on the tunnel service of the appliance.
- The connecting client supplies a unique connectoid GUID. The client may also supply information about the most recent connection and indicate whether the client is resuming a tunnel that died, or it is initiating a new tunnel.
- All addresses in a static pool start out in an "available" queue. As clients connect and disconnect, the server marks each address with the GUID of the last client to use it. Disconnected addresses are available only to clients with that same GUID (presumed to be the same client) for about two minutes after disconnection. After two minutes a disconnected address goes to the end of the "available" queue; this will be the next address assigned (unless a client reports it as its most recent address, described below). Resumption of usage of the same address must be from the client with the same GUID.
- During a connection attempt, if no last-address information is supplied by the client, the tunnel service evaluates the next few addresses in the "available" queue for conflicts[1], and then assigns the first with no conflicts or acceptable conflicts to the Connect tunnel client. If fatal conflicts are found in all of these first few addresses, assignment from this pool fails; the address assignment effort continues with the next allowable pool, or it fails altogether if there are no more pools.
- If the last-address information is supplied, the server checks that the address is available; if it's within two minutes of the last disconnect the server also checks that the GUID matches the client. Non-fatal conflicts are accepted.
- If the client indicates that it's resuming a failed tunnel, the process is the same as the last-address assignment, except that an existing tunnel with this GUID is torn down and the client dumps flow information to the server in order to re-establish open sessions.
Secure NAT pools work in a similar way, except that no "available" queue is maintained; instead there is a "next-address" counter shared among all Secure NAT pools. Disconnected addresses are still reserved (same GUID only) for two minutes, and then are once again available. Realistically, they'll be reassigned, because there are several million NAT addresses to loop through before this particular address is once more the "next-address."
DHCP pools bypass all of the address reservation routines and allow the DHCP server to handle it instead.
[1] Address conflict resolution routines within the server typically will avoid an address assignment that will disrupt the user's connection.
Related Articles
- How to Set Timeout for Inactive Tunnel Connections
- Commands for silent installation of NetExtender via CMD line
- Users on Netextender 10.3.0 version failing to connect with the following error message " Cannot get a response from the server "
YES
NO