Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Changing network addressing NSA2600

Hi All,

I have an upcoming project which requires all the network subnets to be changed.

I will need to change all the private subnets defined on the NSAs including the NSAs ip addresses and the virtual ip.

Is there a best practice for this, or what I should change first to ensure I don't lock myself out.

Many thanks,

Steve

Category: Mid Range Firewalls
Reply

Answers

  • Hello @DorsetTech,

    With all NSA devices, we have a MGMT port, which is by default on 192.168.1.254 address. If you are making IP address related changes, it would be best to have yourself connected to this port so that you do not lose access while making changes on other interfaces.

    Are you going to do this remotely?

    If yes, then please take a backup of your settings file before making any changes and have management enabled on the interface so that you can log back in after the change in IP address. Also, is the firewall acting as the DHCP server or you have a local DHCP server? Are you going to log in via the LAN or WAN interface? Please let us know.

    I hope that helps!

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • DorsetTechDorsetTech Newbie ✭

    Hi Shiprasahu93,

    I will be onsite tomorrow, so I can connect to the MGMT port.

    Does this require a crossover cable or a standard ethernet cable?

    The firewall does not act as a DHCP server.

    I will be logging in on the LAN side.


    Thanks,

    Steve

  • Hello @DorsetTech,

    If you are going to be on site, then you can directly connect to the MGMT port. Please assign a static IP on the computer that you would be connecting on MGMT port on the subnet 192.168.1.x. Also, this can be connected using a normal Ethernet cable, no crossover cable required.

    The IP address on the MGMT port can be changed from the UI, if you have access to it, please check what it is configured as and then you can assign the static IP accordingly on the computer when you are on site.

    I am assuming that you are going to change the IP addresses on most of the SonicWall interfaces, does that also apply to MGMT port?

    If not, the access should not be affected. Once the IP address is changed, any computer on LAN on the same/new private subnet should be able to connect back to it. I asked about the DHCP server as necessary changes might be required there as the IP address is getting updated on the firewall.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • DorsetTechDorsetTech Newbie ✭

    Hi @shiprasahu93

    I will not need to change the ip address of the MGMT port.

    Does each firewall in the HA cluster have its own MGMT ip address or is it shared between the two firewalls in the HA pair?

    With regards to the HA.

    Each firewall has an ip address, e.g. 10.1.100.15 and 10.1.100.16, and then a virtual ip of 10.1.100.11 which is the address of the default route on our core switch. I also managed the firewall from the 10.1.100.11 address.

    Does the HA use any other ip addresses that need to be changed, or will changing the firewalls individual ip addresses and virtual address be suffice with regards to HA?

  • @DorsetTech,

    If you have monitoring IP address set for the HA pair, I would suggest disabling monitoring and then changing the interface address otherwise it throws an error.

    Yes, the IP address on the interface itself is the virtual address and will always take you to the active unit. The monitoring IP addresses are individually set for each device so that they can be accessed separately.

    Also, those three IP address are associated on the firewall wrt to HA.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • DorsetTechDorsetTech Newbie ✭

    Hi @shiprasahu93 ,

    I cannot see where I can change the firewalls HF Primary X0 IP and HF Backup X0 IP in the GUI, do I need to change them in CLI?

    Also, would one option be to:

    Login via Putty, run sh current-config, then copy all the config from the Putty session to notepad.

    Run find and replace on the subnets, e.g. Replace 10.1.10 with 10.60.10.

    The import the config again using this guide.

    Or is it best to use the GUI to change all the subnets?

    Many thanks,

    Stephen

  • DorsetTechDorsetTech Newbie ✭

    Ok, this is progressing, but I'm stuck at how to change the X0 Default Gateway address.

    I cannot seem to change it in the address objects as it is greyed out.

  • @DorsetTech,

    This is actually an optional field. You can edit that from the X0 interface itself.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.