The de-facto Enterprise fiber setup from Comcast is to assign a single /30 address. If you need additional addresses, they will assign them to you but you have to route them yourself unless you spring for the optional managed router.

In this exercise, I will show you how to load the addresses on to a Sonicwall gen7 series router so you can route a block of static IPs and save yourself the managed router cost. We are going to assume that X1 is the WAN interface for the Sonicwall router and you are using a /29 which has 6 addresses in the range: 5 usable and one for the gateway.

When requesting a block of static IPs, Comcast will give you a datasheet that shows a  /29 Customer LAN and a /30 WAN block.


IMPORTANT: A block of addresses always must include a network address and a broadcast address, which Comcast usually omits from the customer LAN block IPV4 range. For example: A /29 block has 8 addresses, the first address is the network address, the last address is the broadcast address, this leaves you with 6 addresses. These are the 6 addresses that Comcast usually list as the IPV4 range. The same applies to any size subnet: A subnet size of /28 will yield 16 addresses. You still lose one for the network, one for the broadcast so Comcast will list 14 addresses.

Let’s assume for our example a /29 block of 8 addresses:

first address = network address
second address = default gateway
third to seventh = usable range
eighth address = broadcast

In the documentation (see image above), Comcast will usually list the second to seventh addresses only. If Comcast give you a /29 with only 6 addresses, this is because they are not listing the network or broadcast addresses in their documentation. Just know that a /29 has 8 IP addresses and that the network address is one octet below the range of 6 IPs shown in the documentation.

Now that I have given you a headache, let’s do something easy which is to configure the WAN IP.

Configuring the single IP address /30 on the Sonicwall WAN port

Configure the /30 address on the Sonicwall’s X1 WAN interface as shown below.



Configuring the /29 on a Sonicwall LAN port

Navigate to network –> address objects and configure the /29 subnet as a network address object. The first address is the block address (network address) and it will be entered as the network address as shown below.



Next, assign an empty interface port the default DMZ zone (or create your own zone) and the second IP address in the range (which will be the default gateway) and the appropriate subnet mask.


Go to policy –> access rules and create and ingress and egress rule.


Create a rule from WAN –> DMZ and another from DMZ –> WAN

If you don’t want any ports blocked set any to any allow. This will allow all traffic to flow to your /29 assigned devices.

Finally, connect a L2 switch to the interface and use it to connect devices that use static WAN IP from the /29 WAN subnet that was assigned to you. Your network setup should look something like this.



Note that the single static on the /30 WAN interface X1 is still usable in additional to the 5 usable addresses in your /29 network.


  1. Brian


    Question. What did you create address object for? I don’t see it being used anywhere in the instructions.

    • Reply

      Hi Brian, thanks for posting. I created the address object so that the router is aware of the network IP range and so that I can assign it a zone.

Leave a comment

Your email address will not be published. Required fields are marked *

error: Sorry, copy/paste is disabled
Skip to content