Routing to another gateway on the same LAN Subnet as Sophos XG

Hello everyone,

 

I have a behavior I don't know how to solve.

Your help will be really appreciated :).

My Sophos XG is the default gateway, DGXG (192.168.0.250), for my subnet LAN1. My LAN1 is deployed between 2 sites using a fibre.

DGXG is connected to the WAN1.

I can connect to every device on the LAN1.

On this LAN1 I have another gateway, ZXG (192.168.0.10), that is connected to another DMZ1 network.

From LAN1 if we want to reach DMZ we need to use ZXG.

I created one static route (and a policy route as well) on the XG firewall, but we cannot reach the servers on DMZ1.

To reach these servers I had to put a persistent route on the device in LAN1.

Do you have any ideas of what could be done to make it work as expected without adding a persistent route on workstations?

Thanks for your help.

Best regards, Maxime



  • Maybe it was blocked by XG as an asymmetric route.

    Traffic that passes through XG in only one direction will be blocked as an asymmetric route.

    If you can't change the network structure, you may bypass asymmetric routing on XG with the following commands.

    set advanced-firewall bypass-stateful-firewall-config add source_network 192.168.0.0 source_netmask 255.255.255.0 dest_network 192.168.X.0 dest_netmask 255.255.255.0

    set advanced-firewall bypass-stateful-firewall-config add source_network 192.168.X.0 source_netmask 255.255.255.0 dest_network 192.168.0.0 dest_netmask 255.255.255.0

    Try it.
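
The asymmetric path described in this thread, as an added example that is not part of the original posts and not Sophos code: a simplified strict TCP state tracker stands in for XG, and the DMZ1 subnet (192.168.50.0/24), the workstation and the server addresses are constructed placeholders.

```python
import ipaddress

# LAN1 comes from the post; DMZ1 and the two endpoints are constructed placeholders.
LAN1 = ipaddress.ip_network("192.168.0.0/24")
DMZ1 = ipaddress.ip_network("192.168.50.0/24")  # assumed stand-in for 192.168.X.0
HOST, SERVER = "192.168.0.20", "192.168.50.5"   # constructed workstation / DMZ server

def forwarders(src, dst, host_route=False):
    """Routers that forward a packet from src to dst in the thread's topology."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in LAN1 and d in DMZ1:
        # Without a host route the workstation uses its default gateway (XG),
        # which sends the packet back onto LAN1 towards ZXG.
        return ["ZXG"] if host_route else ["XG", "ZXG"]
    if s in DMZ1 and d in LAN1:
        # ZXG sits directly on LAN1, so replies never pass through XG.
        return ["ZXG"]
    return []

def handshake(host_route=False, xg_bypass=False):
    """Run a TCP three-way handshake; return (completed, segments XG saw)."""
    seen, state = [], "NEW"
    segments = [(HOST, SERVER, "SYN"), (SERVER, HOST, "SYN-ACK"), (HOST, SERVER, "ACK")]
    for src, dst, flag in segments:
        if "XG" not in forwarders(src, dst, host_route):
            continue  # XG is not on this segment's path
        seen.append(flag)
        if xg_bypass:
            continue  # stateful checks skipped for this subnet pair
        if flag == "SYN" and state == "NEW":
            state = "SYN_SEEN"
        elif flag == "SYN-ACK" and state == "SYN_SEEN":
            state = "SYNACK_SEEN"
        elif flag == "ACK" and state == "SYNACK_SEEN":
            state = "ESTABLISHED"
        else:
            return False, seen  # out-of-state segment dropped by the tracker
    return True, seen

if __name__ == "__main__":
    print("default gateway only:", handshake())
    print("persistent host route:", handshake(host_route=True))
    print("stateful bypass on XG:", handshake(xg_bypass=True))
```

In the bypass case the handshake completes only because XG stops tracking state for that subnet pair, so a bypass entry should be scoped to exactly the two subnets involved.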
