
Management website on a two-WAN system

We have an XG 85W with 1x LAN Zone and 2x WAN Zone connections.
The first WAN on Port 2 is a fast line but with very expensive traffic with a fixed external Internet IP address. We use it for an IPsec Site-to-Site VPN to our data center systems.

The second WAN on Port 3 is a cheap, slower DSL line that we share with a partner company. Here the traffic runs through a private transfer network.

To ensure that the standard internet traffic runs solely through the DSL line, there is a static routing rule that sends traffic for 0.0.0.0/0 through Port 3.

A second fixed routing rule sends traffic for the IPsec gateway in the data center through Port 2. The traffic to our data center networks is handled through the internal IPsec network rules.

The problem arises when we want to access the management of the XG from outside and especially when we want to incorporate the XG into our Sophos Management System. We can ping the external IP address on Port 2 because the interface itself answers. But we cannot access the management website or the portal from the fixed IP address because the internal web server's traffic is subject to the routing rules and tries to send all the answer packets through Port 3, which of course breaks the connection.

Is there any way I can tell the internal systems to answer the management and portal requests through the interface they were queried through?


