
How to route a static WAN subnet over a single carrier IP

Hi,

I need some help to fix a WAN configuration issue since I can't access the admin interface of the gateway behind my Sophos gateway.

This is what our internet access infrastructure looks like:

We get our internet connection through a cable modem and an additional router which creates a subnet with 8 IP addresses. Here is a draft:

---(cable)---[CABLE-MODEM]---(eth)---[MikroTik-ROUTER]---(eth)---[Sophos-SG210]---

We use the MikroTik router to multiplex/route between the single IP address that the modem provides and the x.y.z.112/29 subnet that is finally used by our Sophos gateway. This router was installed years ago by some other network admin before we had the Sophos SG210. It was a demand from our ISP in order to give us the official IP /29 subnet.

My plan is to remove the MikroTik router from the whole chain since the Sophos SG210 should be capable of mastering this routing task (route a subnet through one ISP address). One of the main reasons is a downstream bandwidth issue that came up after our ISP exchanged the cable modem, which should provide higher up/down bandwidth (400/40 MBit down/up) but instead throttles the downstream (to 200 MBit), which is even below the values (250 MBit) we had before.

 

Side issue I would like to solve:

First of all I would like to access the admin interface of this MikroTik router at x.y.z.113, which is also used as "IPv4 Default GW address" in the UTM WAN1 interface.
When I attach a notebook directly to one of the LAN ports on the MikroTik router I can access the admin interface, but not from the internal corporate LAN behind my UTM.

I should probably ignore this little problem since I want to get rid of this "in between" router anyway and I can connect to it directly in case I need to look up something or make some changes. Still, it makes me curious and makes me think that something is not configured correctly on the WAN side - or do I just worry too much and it's normal?

 

Main issue I have to solve:

However, I should focus on the main task, which is to remove the MikroTik router and move its routing/multiplexing task to the Sophos SG210 side.
AFAIK the single "carrier" IP address that the modem provides on its LAN side can be assigned dynamically (DHCP).

I guess the WAN interface should just be configured to "Dynamic IPv4" and physically connected to the modem. But where do I create my static /29 IP subnet, and how do I tell it to route/multiplex this subnet to the "carrier IP"? And if there are different routing types/modes - how do I find out which one is currently being used in the MikroTik router?

Currently the WAN interface is configured to a static IP x.y.z.118 (belongs to our /29 subnet) and there are 3 extra entries on the "Additional Addresses" page (for some other services we provide externally on other IPs from our subnet).

So which changes have to be done to get our subnet running on the Sophos SG210?



This thread was automatically locked due to age.
  • Your first question about not being able to reach the .113 address from the inside: that's because you might need to create a firewall rule to allow the traffic from the internal network to the External WAN (Address).

    For your other question about how to add the /29: I'm not sure how your ISP configured everything, but by just having the WAN as Dynamic as you described, it will get the 1 address. Then you can configure additional addresses, where you need to individually add every address (like there already seem to be a couple). You cannot add the entire /29 in one go afaik.

    If you just need the addresses for incoming traffic to redirect to internal devices, not really much more is needed (except for some DNAT rules to direct to the correct internal destination).


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
