
Sophos XG (Home Edition) - Unable to define LAN Gateway IP Address - To route to internal subnets.

Hello All,

I have Sophos XG 'Home' edition set up in a home environment. I have retained the same default internal LAN IP address 172.16.16.16/24. From devices connected to this subnet, I can successfully route out to the Internet.

However, I also desire to access the Internet from other connected subnets accessible via the LAN Interface. From the Sophos LAN Interface I'm assuming that I need to specify the 'Gateway IP' so that I may route to these other subnets.

However, I can't add a default gateway IP. Please see screenshot. This field is not editable. Is this a restriction with the 'Home' Edition? Any help would be much appreciated.



This thread was automatically locked due to age.
  • Hello,

    The IP address 172.16.16.254 is a Layer-3 interface (defined on a router) that is accessible from the Sophos LAN interface. Hence I have a static route pointing to this address to reach other 'Internal' subnets.

    The gateway for PCs on 192.168.20.0/24 is 192.168.20.254 (which incidentally is also defined on the same internal router).

    I hope that helps explain the setup.

    Thanks and regards.

  • Hello again Peter,

    As I understand, PCs and the routers are connected to the same interface (Sophos LAN interface), through a switch? Are the routers and the PCs connected to the same switch or different ones?

    I can see an asymmetric routing issue if they are on the same switch, as when a PC in the 192.168.20.0 subnet initiates traffic, it will send it to its gateway (20.254), which, if on the same switch, does not reach the Sophos LAN interface because they are in the same broadcast domain.

    Also, the static routing you have configured on the Sophos Firewall is a destination-based static route, which means any traffic received by the Sophos firewall (destination 192.168.20.0) will be routed as you have specified, but to participate in routing, the Sophos firewall needs to be a gateway.

    Hope this clears a bit of confusion. It would be nice if you could share a small diagram.

    Regards,