Nothing is quite as awesome as believing you’re an expert at something and then having something simple completely throw you for a loop. Today, I was working on creating some point to point VPN connections on a Sonicwall TZ 205 firewall and needed to create some address objects for the various remote networks. I filled in all of the information for creating a Network object, went to save it, and got the following error message kicked back at me:
Error: Creating Network: Invalid netmask
I stare at it for a bit wondering if I have a space on the end of one of the fields and retype everything. Same problem. I stare at it some more, thinking WTF is wrong here? I check in with my good friend Google and am not really finding any clues. And then, there it is.
Solution
In strict instances, such as this, the network MUST be entered as the root IP address of the network. While it’s little known that this IP address can be used in some circumstances (I saw it recently done on a client’s network using Juniper gear), it’s generally the IP that nobody uses because it’s reserved for the network.
In this case, it’s 192.168.2.0 for a /24 (255.255.255.0) network. Any value other than 0 in the last octet with this particular netmask will throw things for a loop and give you this error message.
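As an added example (not part of the original post and not SonicWall's own code), the Python below applies the rule described above to a list of planned address objects before they are typed into the firewall, and goes beyond the /24 case to any contiguous netmask. It assumes the firewall's check is the usual "no host bits set" rule; the object names and sample values are constructed.

```python
import ipaddress

def check_network_object(address, netmask):
    """Return (ok, network_address, prefix_len) for an address/netmask pair.

    ok is True only when `address` has no host bits set under `netmask`,
    which is the condition the post describes for a Network object.
    """
    # strict=False masks off the host bits instead of raising ValueError,
    # so we can report the address that should have been entered.
    net = ipaddress.IPv4Network(f"{address}/{netmask}", strict=False)
    ok = ipaddress.IPv4Address(address) == net.network_address
    return ok, str(net.network_address), net.prefixlen

def preflight(objects):
    """Check (name, address, netmask) tuples; return one finding per object."""
    findings = []
    for name, address, netmask in objects:
        try:
            ok, network, prefix = check_network_object(address, netmask)
        except ValueError as exc:
            # Malformed address or a non-contiguous mask such as 255.0.255.0
            findings.append(f"{name}: invalid input ({exc})")
            continue
        if ok:
            findings.append(f"{name}: OK {network}/{prefix}")
        else:
            findings.append(
                f"{name}: {address} has host bits set for {netmask}; use {network}"
            )
    return findings

# Constructed sample objects; the names are hypothetical.
SAMPLE = [
    ("remote-site-a", "192.168.2.0", "255.255.255.0"),     # accepted form
    ("remote-site-b", "192.168.2.10", "255.255.255.0"),    # host address, not the network
    ("remote-site-c", "192.168.0.128", "255.255.255.128"), # upper half of a split /24
    ("remote-site-d", "10.0.0.0", "255.0.255.0"),          # non-contiguous mask
]

if __name__ == "__main__":
    for line in preflight(SAMPLE):
        print(line)
```

Running the check over the address objects on both ends of a site-to-site tunnel also catches the case where the two sides describe the same remote network with different masks.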
For those of us who are experienced network administrators, we want to smack our heads for falling for something so simple. Given that I couldn’t find a quick and easy answer online, I thought I’d post this here for other smart people making a simple mistake as well. As usual, if you found this helpful or have a question for your particular scenario, feel free to leave me a comment. Enjoy!
THANK YOU!!!! Just did the same thing setting up a site to site VPN from an RV042 to a Sonicwall. So silly of me…
Sweet! Glad that this helped someone else.
I second the comment – so silly of me as well, TY!
Yes, feeling pretty stupid about this. Is the zero required because you are hitting a network, not assigning an IP to that network (not controlled by this device)?
Yes, it has to be a digit that lines up with the first IP in a network block depending on the subnet mask you’re using. So it can be something other than a zero if you’re using a smaller netmask, but it still has to be the first IP in that block as far as I can tell, since that represents the start of the network scope you’re using.
For example, if your subnet mask was /29 (255.255.255.128) your network could be 192.168.0.0 OR 192.168.0.128. Does that make sense?