-
Products
-
Gen 7 Firewalls
SonicWall's Gen 7 platform-ready firewalls offer performance with stability and superior threat protection — all at an industry-leading TCO.
Read More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How to create Static route using Command Line Interface
10/14/2021 
36 People found this article helpful
479,900 Views
Description
If you have routers on your interfaces and if you want to access the computers attached to the router, you need to configure static routes on the SonicWall security appliance on the Network | Routing page. The static route policies will create static routing entries that make decisions based upon source address, source Netmask, destination address, destination Netmask, service, interface, gateway and metric.
In the above example: a NAT-enabled SonicWall UTM appliance is configured with a LAN IP of 192.168.168.168 / 255.255.255.0 and the computers on the LAN network are on the similar IP range. The IP address of the local router is 192.168.168.254 /24 with the Gateway IP as 192.168.168.168, which connects to another network numbered 10.10.20.x.
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Please, login to the appliance via CLI following this guide: How to login to the appliance using the Command Line Interface (CLI)
- Type configure to enter the device configuration mode.
- Create Address Objects
- The below command is used to create new address object with IP subnet 10.10.20.0/24 in LAN zone.
config (C0EAE45C02DC) # address-object ipv4 "Network Behind Router"
(add-ipv4-address-object [Network Behind Router]) # network 10.10.20.0 255.255.255.0
(add-ipv4-address-object [Network Behind Router]]) # zone LAN
(add-ipv4-address-object [Network Behind Router]) # commit
% Applying changes ...
%changes made .
(edit-ipv4-address-object [Network Behind Router]]) # exit
- The below command is used to create new address object with IP host 192.168.168.254 in LAN zone.
config (C0EAE45C02DC) # address-object ipv4 "Router IP"
(add-ipv4-address-object [Router IP]) # host 192.168.168.254
(add-ipv4-address-object [Router IP]) # zone LAN
(add-ipv4-address-object [Router IP]) # commit
% Applying changes ...
%changes made .
(edit-ipv4-address-object [Router IP]) # exit
- The below command is used to create new address object with IP subnet 10.10.20.0/24 in LAN zone.
- Create Static Route
- The below command is used to create Static Route for destination 10.10.20.0 /24 subnet behind router with IP 192.168.168.254 in X0 interface.
config(C0EAE45BFFF0)# routing
(config-routing)# route-policy interface X0 metric 1
(add-route-policy)# source any
(add-route-policy)# destination name "Network Behind Router"
(add-route-policy)# service any
(add-route-policy)# gateway name "Router IP"
(add-route-policy)# commit
% Applying changes...
% Status returned processing command:
commit
% Changes made.
(edit-route-policy)# exit
(config-routing)# exit
- The below command is used to create Static Route for destination 10.10.20.0 /24 subnet behind router with IP 192.168.168.254 in X0 interface.
New Static route which we created will be updated in SonicWall Management page as below under MANAGE | Network | Routing | Route Policies :
Notes:
- The destination network and mask must define a logical subnet which doesn't overlap the LAN subnet. The gateway must be local to the LAN.
- The router at 192.168.168.254 must have a default route pointing to the firewall's LAN IP address (192.168.168.168) for the secondary subnet to be able to access the internet through the SonicWall's connection.
- You can also establish static routes for the WAN, DMZ and additional interfaces as applicable, but only if the gateway router involved is a second router, not the main WAN Gateway router, for which you will not need static routes.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Please, login to the appliance via CLI following this guide: How to login to the appliance using the Command Line Interface (CLI)
- Type configure to enter the device configuration mode.
- Create Address Objects
- The below command is used to create new address object with IP subnet 10.10.20.0/24 in LAN zone.
config (C0EAE45C02DC) # address-object ipv4 "Network Behind Router"
(add-ipv4-address-object [Network Behind Router]) # network 10.10.20.0 255.255.255.0
(add-ipv4-address-object [Network Behind Router]]) # zone LAN
(add-ipv4-address-object [Network Behind Router]) # commit
% Applying changes ...
%changes made .
(edit-ipv4-address-object [Network Behind Router]]) # exit - The below command is used to create new address object with IP host 192.168.168.254 in LAN zone.
config (C0EAE45C02DC) # address-object ipv4 "Router IP"
(add-ipv4-address-object [Router IP]) # host 192.168.168.254
(add-ipv4-address-object [Router IP]) # zone LAN
(add-ipv4-address-object [Router IP]) # commit
% Applying changes ...
%changes made .
(edit-ipv4-address-object [Router IP]) # exit
- The below command is used to create new address object with IP subnet 10.10.20.0/24 in LAN zone.
- Create Static Route
- The below command is used to create Static Route for destination 10.10.20.0 /24 subnet behind router with IP 192.168.168.254 in X0 interface.
config (C0EAE45C02DC) # routing
(config-routing-policy) # policy interface X0 metric 1
(add-routing-policy) # source any
(add-routing-policy) # destination name "Network Behind Router"
(add-routing-policy) # service any
(add-routing-policy) # gateway name "Router IP"
(add-routing-policy) # commit
% Applying changes ...
%changes made .
(edit-routing-policy) # exit
(config-routing-policy) # exit
- The below command is used to create Static Route for destination 10.10.20.0 /24 subnet behind router with IP 192.168.168.254 in X0 interface.
New Static route which we created will be updated in SonicWall Management page as below under Network | Routing:
Notes:
- The destination network and mask must define a logical subnet which doesn't overlap the LAN subnet. The gateway must be local to the LAN.
- The router at 192.168.168.254 must have a default route pointing to the firewall's LAN IP address (192.168.168.168) for the secondary subnet to be able to access the Internet through the SonicWall's connection.
- You can also establish static routes for the WAN, DMZ and additional interfaces as applicable, but only if the gateway router involved is a second router, not the main WAN Gateway router, for which you will not need static routes.
Related Articles
- Site to Site VPN connectivity issue between SonicWall Security Appliance and DrayTek Firewall
- Troubleshooting Connectivity Problems Between the SonicWall and the Microsoft Exchange Server
- How do I install SonicWall NSv on Azure ?
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
- Firewalls > NSv Series
- Firewalls > NSa Series
YES
NO