
Static route question

Hello,

I have a setup with 2 networks connected to the XG firewall via a switch:


Port 1 is connected to the 10.0.0.x/24 network switch.

On that switch is a Sophos UTM with an IP of 10.0.0.6 (it has its own internet connection, etc.; 10.150.x.x is its subnet).

If I go to a computer on the 10.0.0.x/24 network and add a static route (i.e. on the Mac the command is route add 10.150.0.0/16 10.0.0.6), I can route traffic between that computer and the 10.150.x.x network just fine. However, that's not a good situation because I don't want to add that static route to each computer on the network. I also know because of this that the firewall rules are set up correctly to allow traffic between both subnets.

How do I get a static route in the XG to work that same way?

Right now, I have one setup as  but that doesn't work.  I know this doesn't work as I can take any other computer on the 10.0.0.x subnet and cannot ping to 10.150.x.x network.

Any ideas?



  • Friend,

    Good day!

    Will you help me by providing a network diagram?


    Warm Regards,

  • Hi,

    See attached photo for network diagram

  • Ok, I got it! Last questions: is 10.0.0.6 a WAN port of the other UTM? And what you need to achieve is to connect 10.0.0.x to 10.150.0.x and vice versa?


    Warm Regards,

  • Hi CaseyJCO ,

    It does seem like asymmetric routing is taking place, as the state connection was not accomplished. Your request was routed to the UTM, but the connection was made between the UTM and the XG. The reply packet was meant for the host on your network and it will not go through the XG anymore.

    I suggest adding bypass configuration from Stateful inspection on your XG device. 

    set advanced-firewall bypass-stateful-firewall-config add source_network 10.0.0.0 source_netmask 255.255.255.0 dest_network 0.0.0.0 dest_netmask 0.0.0.0

    In case you wish to revert the connection entry, if it does not work:

    set advanced-firewall bypass-stateful-firewall-config del source_network 10.0.0.0 source_netmask 255.255.255.0 dest_network 0.0.0.0 dest_netmask 0.0.0.0

    Let me know if this does not work. Also, take a packet capture for the public IP request to see if the packet landed on the host machine that requested it.

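To make the asymmetric-routing explanation in the reply above concrete, here is an added simulation (not code from the thread or from Sophos) of what the XG's stateful inspection sees when the UTM's replies bypass it, with and without the suggested bypass rule. The host address 10.0.0.50 and the remote address 10.150.0.10 are constructed; the TCP state machine is a deliberately minimal stand-in for the real inspector.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for the thread's topology: the host's default gateway is
# the XG, while the UTM (10.0.0.6 in the thread) sits on the same 10.0.0.x switch.
HOST, REMOTE = "10.0.0.50", "10.150.0.10"

def in_net(addr, net, mask):
    return ip_address(addr) in ip_network(f"{net}/{mask}", strict=False)

class StatefulFirewall:
    """Minimal TCP state tracker: a packet must fit its flow's current state."""

    def __init__(self, bypass=()):
        self.flows = {}             # frozenset({a, b}) -> (state, client)
        self.bypass = list(bypass)  # (src_net, src_mask, dst_net, dst_mask)

    def bypassed(self, src, dst):
        return any(in_net(src, sn, sm) and in_net(dst, dn, dm)
                   for sn, sm, dn, dm in self.bypass)

    def forward(self, src, dst, flags):
        if self.bypassed(src, dst):
            return "forwarded (bypass)"
        key = frozenset({src, dst})
        if key not in self.flows:
            if flags == {"SYN"}:
                self.flows[key] = ("SYN_SENT", src)
                return "forwarded (new flow)"
            return "dropped (no matching flow)"
        state, client = self.flows[key]
        if state == "SYN_SENT" and flags == {"SYN", "ACK"} and src != client:
            self.flows[key] = ("SYN_RECV", client)
            return "forwarded (handshake)"
        if state == "SYN_RECV" and flags == {"ACK"} and src == client:
            self.flows[key] = ("ESTABLISHED", client)
        if self.flows[key][0] == "ESTABLISHED":
            return "forwarded (established)"
        return f"dropped (invalid in state {state})"

# The thread's CLI bypass rule as (src_net, src_mask, dst_net, dst_mask); note that
# a destination of 0.0.0.0/0 disables state tracking for everything 10.0.0.0/24 sends.
BYPASS_RULE = ("10.0.0.0", "255.255.255.0", "0.0.0.0", "0.0.0.0")

def simulate(bypass=()):
    """Replay only the packets the XG actually sees: the SYN/ACK returns from the
    UTM straight to the host over the shared switch, so the XG never records it."""
    xg = StatefulFirewall(bypass)
    return [xg.forward(HOST, REMOTE, {"SYN"}),  # host -> XG -> UTM -> remote
            # (SYN/ACK remote -> UTM -> host bypasses the XG: nothing to record)
            xg.forward(HOST, REMOTE, {"ACK"})]  # host -> XG with no SYN/ACK seen
```

Without the bypass the host's ACK is dropped as invalid for a flow still in SYN_SENT, which is the symptom described in the reply; with the bypass the XG forwards both packets without tracking them.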