/32 Subnet in WAN and LAN - How do I force the XG to accept the Gateway?

I have the following problem:

I'm trying to deploy a Sophos XG Firewall as a VM from Hetzner Online.

They give me /32 IP addresses via DHCP.

Here's a little example:


WAN -> IP: 123.123.123.213 - Netmask: 255.255.255.255 - Gateway: 172.31.1.1

LAN -> IP 10.10.0.2 - Netmask: 255.255.255.255 - Gateway: 10.10.0.1

Routing config from Hetzner Private LAN: 0.0.0.0/0 (every IP that the server wants to connect to) -> 10.10.0.1 (Hetzner GW) -> 10.10.0.2 (Sophos XG)

The problem: If I try to make a static route in the XG for the gateway LAN interface, it says "The GW IP must be in the same Subnet as the LAN IP" -> But WHY???

I tested it with pfSense and it worked fine. But I need to run an XG.

Does anybody have an idea?


  • Christopher,

    this is the correct behaviour. Your WAN IP and your gateway IP must be in the same subnet.

    Contact your ISP to change this and give you an IP address that is not a /32.

    Regards

  • Hi Luk,

    the whole product of my ISP (Hetzner) is based on /32 IPs. All VMs get an external gateway outside of the subnet. And it works fine. And, as I said, if I configure a pfSense firewall with an external gateway, it works. Even if I go into the BSD Advanced Shell of the XG Firewall and set the routes manually, it works with the XG Firewall. But after a restart, all settings that I configured in the shell are gone, and the XG is unreachable again.

    So theoretically it has to work. But is there no way to configure it in the Software of the XG?
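
The same-subnet check discussed in this thread, and the routes a /32 address needs when its gateway fails that check, as an added example that is not part of the original posts and is not Sophos XG configuration. It assumes a generic Linux host with iproute2; the device name `eth0` and the function names are hypothetical, and the addresses are the sample values from the question.

```python
import ipaddress


def gateway_on_link(ip, netmask, gateway):
    """True if the gateway lies inside the interface's own subnet.

    This is the check behind "the GW IP must be in the same subnet".
    With a 255.255.255.255 mask the subnet holds only the interface
    address itself, so no separate gateway can ever pass it.
    """
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    gw = ipaddress.ip_address(gateway)
    return gw in iface.network and gw != iface.ip


def route_plan(dev, ip, netmask, gateway):
    """Return the iproute2 commands that make `gateway` usable on `dev`."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    gw = ipaddress.ip_address(gateway)
    if gw.version != iface.version:
        raise ValueError("interface and gateway address families differ")

    plan = [f"ip addr add {iface.with_prefixlen} dev {dev}"]
    if not gateway_on_link(ip, netmask, gateway):
        # Off-subnet gateway: first add a host route that declares the
        # gateway directly reachable on this link. Without it the kernel
        # rejects the default route because the next hop is unreachable.
        plan.append(f"ip route add {gw}/{gw.max_prefixlen} dev {dev}")
    plan.append(f"ip route add default via {gw} dev {dev}")
    return plan


if __name__ == "__main__":
    # WAN values from the question: /32 address, gateway outside the subnet.
    for cmd in route_plan("eth0", "123.123.123.213",
                          "255.255.255.255", "172.31.1.1"):
        print(cmd)
    # Constructed contrast case: a /24 where the gateway is on-link.
    print(gateway_on_link("192.0.2.10", "255.255.255.0", "192.0.2.1"))
```

Routes added this way at a shell are runtime state only, which matches the observation above that they are gone after a restart.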
