
Trying to set up Static Route

I am replacing a Cisco ADSL router with a Sophos XG Firewall

The Sophos is the default gateway at 192.168.49.2 and there is an ISP managed gateway at 192.168.49.1

The managed gateway connects to a remote site on 192.168.46.0/24 subnet

For those who know the Cisco Configs: ip route 192.168.46.0 255.255.255.0 192.168.49.1

 

I set up a Static Route as follows:

Destination IP/Netmask: 192.168.46.0/24
Gateway: 192.168.49.1
Interface: LAN interface
Distance: tried 0 up to 3

Nothing seems to be working
Can anyone help?



  • Hey,

    So I would say that it should actually look like this:

    Destination IP / Netmask: 192.168.46.0/24
    Gateway: 192.168.46.1
    Interface: LAN interface
    Distance: tried 0 up to 3

    Whereby I usually have the gateways in the same IP range and then the network behind it differently. But as a rule you enter your destination network and the gateway of the network for static routes. So over which gateway you reach this net. With the interfaces, you have usually already selected your gateway.

    Please correct if I tell nonsense

     

    greets

  • That doesn't work, gateway must be the same as the interface

  • Yes, that's right, too.

    Actually it should look like this:

    192.168.46.0/24 Network Remote e1
    192.168.47.1 Gateway Remote 1
    192.168.47.254 Gateway Remote 2
    192.168.48.0/24 Network Remote 2

     

     

    edit:

    Only the gateways must be in the same network. The network itself does not have to be the same as the gateway. Maybe you could also realize it with an "alias" interface.

  • I'm not getting any closer here.

     

    Let's play as dumb as possible and try starting from scratch. How would you set up the below scenario?

    The site has:

    ISP Managed Device to facilitate their VPN to the main office
    Sophos XG135 as default gateway which has 2x alternate WAN connections for general internet use


    Local LAN Subnet 192.168.49.0/24
    ISP managed Gateway: 192.168.49.1
    Sophos (Default Gateway): 192.168.49.2

    Main Office subnet: 192.168.46.0/24 (EDIT - Fixed a typo...sorry!)

    Using the ISP managed Gateway as the default, 192.168.49.1, I can ping the main office.
    If I change it to the Sophos, I can't get to the main office subnet at all, and Tracert results in the connections going out through the WAN.

  • The main network also has the IP 192.168.49.0?
    So the route would be The network you want to reach -> on the gateway which has a connection to the network -> over the interface which reaches this gateway.
    If the same network is on both sides, you have of course the problem that the request does not go to the gateway because the network is known.

    Actually, the route would be "main network" -> "Gateway 192.168.49.1" -> "Interface 192.168.49.2"
  • Sorry, that's a typo

     

    Main Office Subnet 192.168.46.0/24

  • Ah ok. Then it's good :). Then the route should actually look like this:

    The network in the main office is 192.168.46.0. At the remote office, it is 192.168.49.0

    Then it should look like this:
    192.168.46.0/24
    192.168.49.1
    192.168.49.2

    In the main office, it should look like this:
    192.168.49.0/24
    192.168.49.2
    192.168.49.1

  • This is what I had.

    Further testing, it's working from the UTM, but not from a workstation

    What firewall rules do I need to create?

  • For testing you could set up the following on both firewalls:

    Zone: LAN, Network: 192.168.49.0 -> Any to Zone: Any Network: 192.168.46.0

    On the other side the other way around.

    You do not need masquerading for that, but you definitely need a FW rule on both sides that allows traffic.

  • Thank you so much for your help Pascal, everything working properly now.

  • Retract that, when I replaced the device on the other side I found that the Static Route is now working and traffic is leaving, but it isn't getting past the router on the other side

    I've created firewall rules on both sides that should be allowing full access to each subnet 

     

    Both sides have

    LAN -> Local Subnet -> Any Service      to      Any Zone -> Remote Subnet -> Any Service

    and

    Any Zone -> Remote Subnet -> Any Service      to      LAN -> Local Subnet -> Any Service

     

    I can only get as far as the Sophos router in either direction.


    HELP!?!

  • Issue was asymmetric routing over the ISP managed WAN. Resolved it using advanced firewall setup to route around the asymmetric routing found in another thread
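
An added example, not part of the original thread: a small path model of the topology described above, showing why a stateful firewall at 192.168.49.2 would see only one direction of a workstation's traffic while its own pings still work. The workstation and server addresses, the node names, and collapsing the ISP VPN into a single hop are assumptions made for illustration.

```python
import ipaddress

# Constructed model using the thread's subnets. Route = (prefix, next hop);
# next hop None means the destination is on-link and delivered directly.
# Assumptions: workstation .49.50 and server .46.10 are made-up hosts, and the
# ISP VPN to the main office is collapsed into the single node "isp_gw".
OWNER = {"192.168.49.50": "workstation", "192.168.49.2": "sophos",
         "192.168.46.10": "server"}
TABLES = {
    "workstation": [("192.168.49.0/24", None), ("0.0.0.0/0", "sophos")],
    "sophos":      [("192.168.49.0/24", None), ("0.0.0.0/0", "wan"),
                    ("192.168.46.0/24", "isp_gw")],   # the static route
    "isp_gw":      [("192.168.49.0/24", None), ("192.168.46.0/24", None)],
    "server":      [("192.168.46.0/24", None), ("0.0.0.0/0", "isp_gw")],
}

def next_hop(node, dst_ip):
    """Longest-prefix match in node's table; None means deliver on-link."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[node]
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{node} has no route to {dst_ip}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def path(src_ip, dst_ip):
    """List of nodes a packet from src_ip crosses to reach dst_ip."""
    node, target = OWNER[src_ip], OWNER[dst_ip]
    hops = [node]
    while node != target:
        hop = next_hop(node, dst_ip)
        node = target if hop is None else hop
        if node in hops:
            raise RuntimeError("routing loop at " + node)
        hops.append(node)
    return hops

def is_asymmetric(a_ip, b_ip):
    """True when the return path is not the forward path reversed."""
    return path(a_ip, b_ip) != path(b_ip, a_ip)[::-1]

def firewall_sees_both_directions(fw, a_ip, b_ip):
    """A stateful firewall needs to be on both paths to track the flow."""
    return fw in path(a_ip, b_ip) and fw in path(b_ip, a_ip)

if __name__ == "__main__":
    for src in ("192.168.49.50", "192.168.49.2"):
        print(src, "->", path(src, "192.168.46.10"),
              "| back:", path("192.168.46.10", src),
              "| asymmetric:", is_asymmetric(src, "192.168.46.10"))
```

In this model the reply to the workstation is delivered on-link by the ISP gateway and never crosses the Sophos, which matches the "working from the UTM, but not from a workstation" symptom reported earlier in the thread.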