
RED site to site (XG 135 to XG 330) with FULL tunnel

I am looking to set up a RED site-to-site (XG 135 to XG 330) with FULL tunnel. I found instructions for doing this on a UTM:

https://community.sophos.com/kb/en-us/120263

However, I cannot figure out how to do this on the XG.

RED on Client (192.168.88.0/24):

FW rules on RED Client:


RED on Server (xxx.yyy.151.0/24):

FW Rules on RED Server:

If I set up RED/static routes per:

https://community.sophos.com/kb/en-us/125101

I can ping/tracert from the Client network to the Server network over the tunnel; however, pings/tracert to other networks are not routed through the tunnel.

Also, ping/tracert from the Server network to the Client network fail at the XG. I can ping the XG; however, pings to nodes on the client network fail.

Also, ping/tracert from other networks to the client/XG network fail.

Thanks,

Daniel

  • Instead of setting a 0.0.0.0 route, why not create a gateway for the RED interface?

    Then you can simply write a rule to force all traffic destined for the WAN zone out that gateway. I use XG appliances at branches in this manner to force all traffic out the central firewall (similar to a RED std/unified).

    Daniel,

    What do your routes look like? The concept is pretty simple in that we set up our zones, RED interfaces, firewall rules, and routes. If traffic isn't flowing in one direction or the other, it's usually from a route or firewall rule.

    Thanks,

    John
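To make the difference between John's gateway-plus-rule approach and a set of destination-based static routes concrete, here is an added example that is not part of the thread and is not Sophos SFOS code: a small Python model of next-hop selection that does a longest-prefix match over the routing table and then lets a policy route, keyed on the source network and the destination zone the lookup produced, override the gateway. The head-office subnet 198.51.100.0/24 and the Internet host 203.0.113.1 are constructed stand-ins (the thread masks the real server subnet), and the interface and gateway names (Port1, RED-gw, WAN-gw, RED-server) are assumed labels. The head-office side is modelled too, with and without a route back to 192.168.88.0/24, since a missing return route is one common reason replies never reach the branch.

```python
"""Constructed model of next-hop selection on a branch firewall with a RED
tunnel. Illustration only, not SFOS code.

Order of decision:
  1. longest-prefix match over static/connected routes -> egress gateway + zone
  2. a policy route that matches the source network and that routed
     destination zone replaces the gateway (John's "force WAN traffic out the
     RED gateway" rule)

Addresses: 192.168.88.0/24 is the branch LAN from the thread; 198.51.100.0/24
(RFC 5737 documentation space) stands in for the masked head-office LAN and
203.0.113.1 for an arbitrary Internet host. Gateway names are assumed labels.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    gateway: str   # interface or gateway object the packet leaves through
    zone: str      # zone of that egress interface (LAN, VPN, WAN)


@dataclass(frozen=True)
class PolicyRoute:
    src: IPv4Network   # source network the rule matches
    dst_zone: str      # destination zone, as derived from the routing lookup
    gateway: str       # gateway to force matching traffic out of instead


@dataclass
class Firewall:
    routes: list[Route] = field(default_factory=list)
    policies: list[PolicyRoute] = field(default_factory=list)

    def lookup(self, dst: str) -> Route | None:
        """Longest-prefix match over the static/connected routes."""
        d = IPv4Address(dst)
        matches = [r for r in self.routes if d in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def next_hop(self, src: str, dst: str) -> str:
        route = self.lookup(dst)
        if route is None:
            return "unroutable"
        s = IPv4Address(src)
        # The policy route wins over the plain routing decision only when both
        # the source network and the routed destination zone match.
        for p in self.policies:
            if s in p.src and route.zone == p.dst_zone:
                return p.gateway
        return route.gateway


BRANCH_LAN = IPv4Network("192.168.88.0/24")
HQ_LAN = IPv4Network("198.51.100.0/24")   # constructed stand-in for the HQ LAN


def branch(with_policy_route: bool) -> Firewall:
    """Branch XG: connected LAN, static route to HQ over RED, default via WAN."""
    fw = Firewall(routes=[
        Route(BRANCH_LAN, "Port1", "LAN"),
        Route(HQ_LAN, "RED-gw", "VPN"),
        Route(IPv4Network("0.0.0.0/0"), "WAN-gw", "WAN"),
    ])
    if with_policy_route:
        # Gateway on the RED interface plus a rule that sends everything from
        # the LAN that would otherwise leave via WAN through that gateway.
        fw.policies.append(PolicyRoute(BRANCH_LAN, "WAN", "RED-gw"))
    return fw


def hq(with_return_route: bool) -> Firewall:
    """Head-office XG: connected LAN, default via WAN, optional route to branch."""
    fw = Firewall(routes=[
        Route(HQ_LAN, "Port1", "LAN"),
        Route(IPv4Network("0.0.0.0/0"), "WAN-gw", "WAN"),
    ])
    if with_return_route:
        fw.routes.append(Route(BRANCH_LAN, "RED-server", "VPN"))
    return fw


if __name__ == "__main__":
    for policy in (False, True):
        fw = branch(policy)
        print(f"branch, policy route={policy}: "
              f"to HQ -> {fw.next_hop('192.168.88.10', '198.51.100.5')}, "
              f"to Internet -> {fw.next_hop('192.168.88.10', '203.0.113.1')}, "
              f"LAN to LAN -> {fw.next_hop('192.168.88.10', '192.168.88.20')}")
    for ret in (False, True):
        print(f"hq, return route={ret}: to branch -> "
              f"{hq(ret).next_hop('198.51.100.5', '192.168.88.10')}")
```

With only static routes the branch sends HQ-bound traffic through RED and everything else out WAN-gw, which is exactly the first symptom in the post; adding the policy route moves all WAN-zone traffic onto RED-gw while LAN-to-LAN traffic still stays local. On the HQ side, without a route for 192.168.88.0/24 pointing at the RED server interface, replies to the branch follow the default route out WAN-gw instead of the tunnel.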
