Hello all. I need to setup static routes to reach other sites across an MPLS. Currently I'm using Meraki MX devices and this is straightforward; I just enter the remote subnet for example 10.1.11.0/24, enter the next hop IP 10.1.10.1, and then it routes fine. I can't seem to get this to work on my Sophos XG, devices on the LAN cannot get to the remote subnets, traffic seems to die at the Sophos box.
I found a reference that I need to create a policy rule allowing traffic to and from the other subnets; I did that, but it seems to make no difference. Strangely enough if I ping the remote subnets from the Sophos box itself using the diagnostics, I can ping them.
Can anyone point me in the right direction? Thanks in advance.
Bill,
You are having an asymmetric routing issue, so traffic is blocked. Have a look at this thread:
Make sure a proper firewall rule is created to allow traffic (as you wrote, you should be OK).
Regards
Just to add to this, since following the main link led to another link that was broken:
In order to route from the LAN interface to a destination router on the same LAN interface I had to create an allow rule for Source LAN and Destination LAN before it would actually work.
IOW, this Sophos is my default gateway, but the route to a different subnet over L2 is via my core router. Creating the ROUTE on this XG didn't work. Only when I created the access rule from LAN to LAN did it allow the route to actually work.
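The situation described in this thread (clients on the LAN, the MPLS router on that same LAN, and the firewall as default gateway) can be modelled to show why the static route alone is not enough on a zone-based firewall and why a ping from the box itself still works. The following is an added example, not code from the original posts or from Sophos: it is a small Python model of a router's forwarding decision. The zone names, the WAN addressing and the client address are constructed; only the remote subnet 10.1.11.0/24 and the next hop 10.1.10.1 come from the original post.

```python
"""Model of a zone-based firewall's forwarding decision.

Shows the "hairpin" case from the thread: a client on the LAN sends to a
remote subnet whose next hop is another router on that same LAN, so the
flow enters and leaves the firewall on the same zone and needs an explicit
LAN -> LAN rule. Locally generated traffic (the diagnostics ping) has no
ingress zone, so no forwarding rule is consulted and it succeeds anyway.

Constructed example data: zone names, WAN addressing and the client address
are assumptions; 10.1.11.0/24 and next hop 10.1.10.1 are from the post.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Interface:
    zone: str                        # firewall zone, e.g. "LAN" or "WAN"
    network: ipaddress.IPv4Network   # directly connected subnet


@dataclass
class StaticRoute:
    prefix: ipaddress.IPv4Network
    next_hop: ipaddress.IPv4Address


@dataclass
class Router:
    interfaces: list
    routes: list

    def interface_for(self, ip):
        """Interface whose connected subnet contains ip, or None."""
        ip = ipaddress.IPv4Address(ip)
        return next((i for i in self.interfaces if ip in i.network), None)

    def lookup(self, dst):
        """Longest-prefix match over connected subnets and static routes.

        Returns (egress interface, next hop) where next hop is None for a
        directly connected destination; (None, None) if unroutable or the
        next hop is not on any connected subnet.
        """
        dst = ipaddress.IPv4Address(dst)
        best = None  # (prefix length, egress interface, next hop)
        for iface in self.interfaces:
            if dst in iface.network and (best is None or iface.network.prefixlen > best[0]):
                best = (iface.network.prefixlen, iface, None)
        for route in self.routes:
            if dst in route.prefix and (best is None or route.prefix.prefixlen > best[0]):
                # A static route is only usable if its next hop is reachable
                # through a connected interface.
                best = (route.prefix.prefixlen, self.interface_for(route.next_hop), route.next_hop)
        if best is None or best[1] is None:
            return None, None
        return best[1], best[2]

    def classify_flow(self, src, dst):
        """Decide zones for a forwarded flow and the rule it would need."""
        ingress = self.interface_for(src)
        egress, next_hop = self.lookup(dst)
        if ingress is None or egress is None:
            return {"routable": False, "hairpin": False, "rule": None, "next_hop": None}
        return {
            "routable": True,
            "ingress": ingress.zone,
            "egress": egress.zone,
            "next_hop": None if next_hop is None else str(next_hop),
            # Same zone in and out: the route is fine, but a zone-based
            # firewall still needs an explicit same-zone allow rule.
            "hairpin": ingress is egress,
            "rule": f"{ingress.zone} -> {egress.zone}",
        }

    def classify_local(self, dst):
        """Traffic originated by the firewall itself: no ingress zone, so
        no forwarding rule applies; only the route lookup matters."""
        egress, next_hop = self.lookup(dst)
        if egress is None:
            return {"routable": False, "rule": None, "next_hop": None}
        return {"routable": True, "egress": egress.zone,
                "next_hop": None if next_hop is None else str(next_hop), "rule": None}


# Constructed topology: firewall is the LAN default gateway, the MPLS
# router 10.1.10.1 sits on the same LAN and reaches 10.1.11.0/24.
FW = Router(
    interfaces=[
        Interface("LAN", ipaddress.IPv4Network("10.1.10.0/24")),
        Interface("WAN", ipaddress.IPv4Network("203.0.113.0/24")),
    ],
    routes=[
        StaticRoute(ipaddress.IPv4Network("10.1.11.0/24"), ipaddress.IPv4Address("10.1.10.1")),
        StaticRoute(ipaddress.IPv4Network("0.0.0.0/0"), ipaddress.IPv4Address("203.0.113.1")),
    ],
)

if __name__ == "__main__":
    print("client -> remote site:", FW.classify_flow("10.1.10.50", "10.1.11.20"))
    print("client -> internet:   ", FW.classify_flow("10.1.10.50", "198.51.100.7"))
    print("firewall's own ping:  ", FW.classify_local("10.1.11.20"))
```

Running it shows the client flow to the remote site resolving to `LAN -> LAN` with `hairpin` set, the internet flow resolving to `LAN -> WAN`, and the firewall's own ping needing no rule at all, which matches both observations in the thread. In a real deployment the client-to-remote flow is also a candidate for an ICMP redirect or for moving the static route onto the core router, so that the firewall is not in the forwarding path for that traffic.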