Trying to setup Static Route

Hi Jamie,

please provide a simple network diagram of the connections to your XG?

There appears to be too many internal networks and no external addresses?

Ian

Thanks for the reply, the router I have replaced is the Default Gateway at the Remote Office. Replaced a Cisco 800 series with the Sophos XG 135

I knocked this up really quickly on my phone. Sorry if it's not detailed enough, please let me know if you need more information

Hey,

So I would say that it should actually look like this:
Destination IP / Netmask:

192.168.46.0/24
Gateway: 192.168.46.1
Interface: LAN interface
Distance: tried 0 up to 3

Whereby I usually have the gateways in the same IP range and then the network behind it differently. But as a rule you enter your destination network and the gateway of the network for static routes. So over which gateway you reach this net. With the interfaces, you have usually already selected your gateway.

Please correct if I tell nonsense

greets

That doesn't work, gateway must be the same as the interface

Yes, that's right, too.

Actually it should look like this:

192.168.46.0/24 Network Remote e1
192.168.47.1 Gateway Remote 1
192.168.47.254 Gateway Remote 2
192.168.48.0/24 Network Remote 2

edit:

only the gateways must be in the same network. The network itself does not have to be the same as the gateway. maybe you could also realize it with an "alias" interface.

I'm not getting any closer here.

Let's play dumb as possible and try starting from scratch. How would you setup the below scenario?

The site has:

ISP Managed Device to facilitate their VPN to the main office
Sophos XG135 as default gateway which has 2x alternate WAN connections for general internet use

Local LAN Subnet 192.168.49.0/24
ISP managed Gateway: 192.168.49.1
Sophos (Default Gateway): 192.168.49.2

Main Office subnet: 192.168.46.0/24 (EDIT - Fixed a typo...sorry!)

Using the ISP managed Gateway as the default, 192.168.49.1, I can ping the main office.
If I change it to the Sophos, I can't get to the main office subnet at all, and Tracert results in the connections going out through the WAN.

The main network also has the IP 192.168.49.0?
So the route would be The network you want to reach -> on the gateway which has a connection to the network -> over the interface which reaches this gateway.
If the same network is on both sides, you have of course the problem that the request does not go to the gateway because the network is known.

Actually, the route would be "main network" -> "Gateway 192.168.49.1" -> "Interface 192.168.49.2"

Sorry, that's a typo

Main Office Subnet 192.168.46.0/24

Ah ok. Then it's good :). Then the route should actually look like this:

The network in the main office is 192.168.46.0. At the remote office, it is 192.168.49.0

Then it should look like this:
192.168.46.0/24
192.168.49.1
192.168.49.2

In the main office, it should look like this:
192.168.49.0/24
192.168.49.2
192.168.49.1

This is what I had.

Further testing, it's working from the UTM, but not from a workstation

What firewall rules do I need to create?