en-US
search-icon

Knowledge Base

How to Configure Static Routes in SonicOS

Description

How to Configure Static Routes in SonicOS Enhanced

Resolution

Video Tutorial: Click here for the video tutorial of this topic

If you have routers on your interfaces and if you want to access the computers attached to the router, you need to configure static routes on the SonicWall security appliance on the Network | Routing page. The static route policies will create static routing entries that make decisions based upon source address, source netmask, destination address, destination netmask, service, interface, gateway and metric.
Image

In the above example: a NAT-enabled SonicWall UTM appliance is configured with a LAN IP of 192.168.168.168 / 255.255.255.0 and the computers on the LAN network are on the similar IP range. The IP address of the local router is 192.168.168.254 /24 with the Gateway IP as 192.168.168.168, which connects to another network numbered 10.10.20.x


 

 Configuring Static Routes on SonicOS Enhanced

1. Login to the SonicWall Management Interface
2. Select Network | Routing | click Add button.

Image

3. Select the following Route Policy Settings:

- Source = Any
- Under Destination = specify Create New Address Object.

Enter a name for the static route.
Specify the Zone Assignment as LAN.
Specify the Type as
Network.
Specify the IP Address 10.10.20.0.
Specify the Netmask 255.255.255.0
Click OK.

- Service = Any 
- Under Gateway = specify Create New Address Object.

Enter a name for the local router.
Specify the Zone Assignment as
LAN.
Specify the Type as
Host.
Specify the IP Address 192.168.168.254. (i.e Route IP on X0)
Click OK.

- Specify the interface as LAN.
- Specify the metric as 1.
- Click OK.

Notes:

  • The destination network and mask must define a logical subnet which doesn't overlap the LAN subnet. The gateway must be local to the LAN. 
  • The router at 192.168.168.254 must have a default route pointing to the firewall's LAN IP address (192.168.168.168) for the secondary subnet to be able to access the internet through the SonicWall's connection. 
  • You can also establish static routes for the WAN, DMZ and additional interfaces as applicable, but only if the gateway router involved is a second router, not the main WAN Gateway router, for which you will not need static routes.

 


Resolution for SonicOS 6.5 and Later

SonicOS 6.5 was released September 2017. This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 and later firmware.

If you have routers on your interfaces and if you want to access the computers attached to the router, you need to configure static routes on the SonicWall security appliance on the Network | Routing page. The static route policies will create static routing entries that make decisions based upon source address, source netmask, destination address, destination netmask, service, interface, gateway and metric.
Image

In the above example: a NAT-enabled SonicWall UTM appliance is configured with a LAN IP of 192.168.168.168 / 255.255.255.0 and the computers on the LAN network are on the similar IP range. The IP address of the local router is 192.168.168.254 /24 with the Gateway IP as 192.168.168.168, which connects to another network numbered 10.10.20.x


 

 Configuring Static Routes on SonicOS Enhanced

  1.  Login to the SonicWall Management Interface
  2. Click Manage in the top navigation menu
  3. Click Network | Routing | Route Policies and click add button.Image

3. Select the following Route Policy Settings:

- Source = Any
- Under Destination = specify Create New Address Object.

Enter a name for the static route.
Specify the Zone Assignment as LAN.
Specify the Type as
Network.
Specify the IP Address 10.10.20.0.
Specify the Netmask 255.255.255.0
Click OK.

- Service = Any 
- Under Gateway = specify Create New Address Object.

Enter a name for the local router.
Specify the Zone Assignment as
LAN.
Specify the Type as
Host.
Specify the IP Address 192.168.168.254. (i.e Route IP on X0)
Click OK.

- Specify the interface as LAN.
- Specify the metric as 1.
- Click OK.

Notes:

  • The destination network and mask must define a logical subnet which doesn't overlap the LAN subnet. The gateway must be local to the LAN. 
  • The router at 192.168.168.254 must have a default route pointing to the firewall's LAN IP address (192.168.168.168) for the secondary subnet to be able to access the internet through the SonicWall's connection. 
  • You can also establish static routes for the WAN, DMZ and additional interfaces as applicable, but only if the gateway router involved is a second router, not the main WAN Gateway router, for which you will not need static routes.