Route between two internal networks

Hello everyone,

I am migrating my setup from Sophos UTM to Sophos Firewall XG and I am introducing some new arrangements as I go along. This should be a simple one, I hope. The hardware that runs the XG (v18) has quad ethernet and it has two internal networks. On interface 1 there is 192.168.10.0/24 (let's call this network 1) and on interface 2 there is 192.168.50.0/24 (let's call this network 2). The default gateways for the two networks are 192.168.10.2 and 192.168.50.2 respectively. Interfaces 3 and 4 are the external networks for interfaces 1 and 2 respectively. As it stands, network 1 cannot talk to network 2 and vice versa. I am trying to set up static routes but I am getting confused. The three values I need to set up in the static routing configuration page are a) the destination network, b) the gateway and c) the interface. So for network 1 to talk to network 2, what do I choose as a static route? I tried the following values:

a) 192.168.50.0/24 (the destination network)

b) 192.168.50.2

c) Interface? what do I put here? If I pick interface 1 it doesn't like it (interface IP and gateway not in the same network). If I pick interface 2 it doesn't like it (gateway IP must be different to the interface IP).

So I only used a) and b) (left interface blank) and I also added two firewall rules

LAN zone / 192.168.10.0/24 to LAN zone / 192.168.50.0/24 accept

LAN zone / 192.168.50.0/24 to LAN zone / 192.168.10.0/24 accept

It doesn't work.... what am I doing wrong? From 192.168.10.0/24 I can ping 192.168.50.2 (the gateway) but not machines in the 192.168.50.0/24 network.

Thank you!!



This thread was automatically locked due to age.
  • I think I see your issue.

    a) destination network - this is the network you wish to get access to.

    b) the gateway - the gateway by which you leave your current network to get to the destination.

    c) interface - this is the interface on which you have configured the gateway.

    To help, when you are in Static Routes, click Add, then click the Help at the top of the page; this will direct you to the page that explains this from the manual.

    It also has a picture to help you.

    Don't forget to add a distance, usually 1, but if you have some precedence enabled or configured this may need to be different.

    And don't forget to add rules, as it is a deny all between networks until you add the allow rules.

  • Thank you for your answer Sarah. I still don't get how this is supposed to work and I apologize for that - I am not a networks professional. Let's give this another go.

    The interface IP and the gateway IP are the same thing, aren't they? So if I want to access network 192.168.50.0/24 from 192.168.10.0/24, how do I go about it? All the devices on 192.168.10.0/24 talk to Sophos via Interface 1 with IP 192.168.10.2. This is the default gateway for that network. All the devices on 192.168.50.0/24 talk to Sophos via interface 2 with IP 192.168.50.2. This is the default gateway for that network.

    Based on the screenshot in the manual for 192.168.10.0/24 to talk to 192.168.50.0/24 I am supposed to configure it as

    a) destination network : 192.168.50.0/24

    b) destination gateway address : 192.168.10.2

    c) Interface <- still this doesn't make sense. If I pick interface 1 (192.168.10.2) the firewall will say that the gateway and the interface have to be on the same network. If I pick interface 2 (192.168.50.2 as the manual implies) the firewall will say that the IPs should be different

    The example on the manual is

    a) 192.168.2.10/24 (why not 192.168.2.0/24)

    b) 172.20.20.2 (the gateway of what?)

    c) 172.20.20.1 (the interface IP - why is this different to 172.20.20.2 ??)

    Does this imply that interface 1 with IP 192.168.10.2 should have an alias on the 192.168.50.0 network? And interface 2 with IP 192.168.50.0 an alias on the 192.168.10.0 network?

    I tried the following:

    Interface 1 with IP 192.168.10.2 has an alias 192.168.50.200

    Interface 2 with IP 192.168.50.2 has an alias 192.168.10.200

    New static route settings

    a) 192.168.50.0/24

    b) 192.168.10.200

    c) 192.168.10.2 

    That didn't work either.

    Thank you again
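The three static-route fields Sarah describes, the two validation messages quoted in the follow-up, and the "deny all between networks until you add the allow rules" point, modelled as a small routing and policy simulator. This is an added example for the thread, not code from the posters or from Sophos, and it does not use any Sophos API: the `Router` class, the port names `Port1`/`Port2`, the validation logic and the remote `10.9.0.0/16` network behind `192.168.10.254` are constructed for illustration. What the model shows is why both interface choices are rejected (the proposed gateway `192.168.50.2` is the firewall's own address on one port and is off-subnet on the other) and that a subnet the firewall is itself attached to is already a connected route, so the lookup succeeds with no static route at all; the only thing left to add in that situation is the allow rule in each direction. A static route is the right tool for a subnet that is not on the firewall, which the last step demonstrates.

```python
"""Added model of a firewall's static-route fields (destination, gateway, interface),
the two validation errors quoted in the thread, and a connected-route lookup that
shows why two subnets that both sit on the firewall need no static route at all.
Illustrative code, not Sophos XG code; it does not use any Sophos API."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net, Addr = ipaddress.IPv4Network, ipaddress.IPv4Address


@dataclass(frozen=True)
class Interface:
    name: str                          # assumed port name, e.g. "Port1"
    address: ipaddress.IPv4Interface   # the firewall's own IP on that port, with mask


@dataclass(frozen=True)
class StaticRoute:
    destination: Net
    gateway: Addr
    interface: Interface
    distance: int = 1                  # administrative distance; connected routes use 0


def validate_static_route(route: StaticRoute) -> bool:
    """The two checks the poster hit: a next hop must be a host other than the
    firewall itself, and it must be directly reachable on the chosen interface."""
    if route.gateway == route.interface.address.ip:
        raise ValueError("gateway IP must be different to the interface IP")
    if route.gateway not in route.interface.address.network:
        raise ValueError("interface IP and gateway not in the same network")
    return True


class Router:
    def __init__(self, interfaces: List[Interface]) -> None:
        self.interfaces = interfaces
        self.static: List[StaticRoute] = []
        self.rules: List[Tuple[Net, Net, str]] = []   # (source net, destination net, action)

    def add_static(self, route: StaticRoute) -> None:
        validate_static_route(route)
        self.static.append(route)

    def add_rule(self, src: str, dst: str, action: str = "accept") -> None:
        self.rules.append((Net(src), Net(dst), action))

    def lookup(self, dst: Addr) -> Optional[Tuple[str, Optional[Addr]]]:
        """(egress interface, next hop); next hop is None for a directly connected
        destination, which is delivered by ARP on that segment rather than via a gateway."""
        cands = [(i.address.network.prefixlen, 0, i.name, None)
                 for i in self.interfaces if dst in i.address.network]
        cands += [(r.destination.prefixlen, r.distance, r.interface.name, r.gateway)
                  for r in self.static if dst in r.destination]
        if not cands:
            return None
        cands.sort(key=lambda c: (-c[0], c[1]))   # longest prefix, then lowest distance
        return cands[0][2], cands[0][3]

    def policy(self, src: Addr, dst: Addr) -> str:
        for src_net, dst_net, action in self.rules:
            if src in src_net and dst in dst_net:
                return action
        return "deny"                  # no matching rule: inter-network traffic is dropped

    def forward(self, src: str, dst: str) -> str:
        s, d = Addr(src), Addr(dst)
        route = self.lookup(d)
        if route is None:
            return "no route"
        if self.policy(s, d) != "accept":
            return "denied by policy"
        name, nexthop = route
        return f"out {name} direct" if nexthop is None else f"out {name} via {nexthop}"


def demo() -> dict:
    """Constructed topology matching the thread: 192.168.10.0/24 on Port1 and
    192.168.50.0/24 on Port2, the firewall holding .2 on each."""
    port1 = Interface("Port1", ipaddress.IPv4Interface("192.168.10.2/24"))
    port2 = Interface("Port2", ipaddress.IPv4Interface("192.168.50.2/24"))
    r = Router([port1, port2])
    out = {}
    # Both attempts from the thread are rejected, each for the reason the poster saw.
    for port in (port1, port2):
        try:
            r.add_static(StaticRoute(Net("192.168.50.0/24"), Addr("192.168.50.2"), port))
        except ValueError as e:
            out[port.name] = str(e)
    # With no static route at all the destination is already a connected route...
    out["before_rules"] = r.forward("192.168.10.20", "192.168.50.20")
    # ...so what the firewall still needs is an allow rule in each direction.
    r.add_rule("192.168.10.0/24", "192.168.50.0/24")
    r.add_rule("192.168.50.0/24", "192.168.10.0/24")
    out["after_rules"] = r.forward("192.168.10.20", "192.168.50.20")
    out["reverse"] = r.forward("192.168.50.20", "192.168.10.20")
    # A static route is for a subnet that is NOT on the firewall: here a made-up
    # 10.9.0.0/16 behind another router at 192.168.10.254 on the Port1 segment.
    r.add_static(StaticRoute(Net("10.9.0.0/16"), Addr("192.168.10.254"), port1))
    r.add_rule("192.168.50.0/24", "10.9.0.0/16")
    out["remote"] = r.forward("192.168.50.20", "10.9.1.1")
    return out
```

Running `demo()` returns the rejection message for each port, "denied by policy" before the two LAN-to-LAN rules exist, "out Port2 direct" and "out Port1 direct" once they do, and "out Port1 via 192.168.10.254" for the remote subnet that genuinely needs a static route. The model deliberately ignores NAT and host firewalls; on the real device, a ping that reaches the gateway address but not hosts behind it is worth checking on the destination host as well, since a connected route plus an accept rule is all the firewall itself needs.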
