How to create Static route using Command Line Interface
10/14/2021
Description
If routers are attached to your interfaces and you want to reach the computers behind them, configure static routes on the SonicWall security appliance on the Network | Routing page. Static route policies create static routing entries that make decisions based on source address, source netmask, destination address, destination netmask, service, interface, gateway and metric.
In this example, a NAT-enabled SonicWall UTM appliance is configured with a LAN IP of 192.168.168.168 / 255.255.255.0, and the computers on the LAN are in the same IP range. The local router has the IP address 192.168.168.254 /24 with 192.168.168.168 as its gateway IP, and it connects to another network numbered 10.10.20.x.
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
Log in to the appliance via the CLI by following this guide: How to login to the appliance using the Command Line Interface (CLI)
- Type configure to enter the device configuration mode.
- Create Address Objects
- The commands below create a new address object for the IP subnet 10.10.20.0/24 in the LAN zone.
config (C0EAE45C02DC) # address-object ipv4 "Network Behind Router"
(add-ipv4-address-object [Network Behind Router]) # network 10.10.20.0 255.255.255.0
(add-ipv4-address-object [Network Behind Router]) # zone LAN
(add-ipv4-address-object [Network Behind Router]) # commit
% Applying changes ...
%changes made .
(edit-ipv4-address-object [Network Behind Router]) # exit
- The commands below create a new address object for the IP host 192.168.168.254 in the LAN zone.
config (C0EAE45C02DC) # address-object ipv4 "Router IP"
(add-ipv4-address-object [Router IP]) # host 192.168.168.254
(add-ipv4-address-object [Router IP]) # zone LAN
(add-ipv4-address-object [Router IP]) # commit
% Applying changes ...
%changes made .
(edit-ipv4-address-object [Router IP]) # exit
- Create Static Route
- The commands below create a static route for the destination subnet 10.10.20.0 /24 behind the router with IP 192.168.168.254 on the X0 interface.
config (C0EAE45C02DC) # routing
(config-routing-policy) # policy interface X0 metric 1
(add-routing-policy) # source any
(add-routing-policy) # destination name "Network Behind Router"
(add-routing-policy) # service any
(add-routing-policy) # gateway name "Router IP"
(add-routing-policy) # commit
% Applying changes ...
%changes made .
(edit-routing-policy) # exit
(config-routing-policy) # exit
The new static route now appears in the SonicWall management page under Network | Routing.
Notes:
- The destination network and mask must define a logical subnet which doesn't overlap the LAN subnet. The gateway must be local to the LAN.
- The router at 192.168.168.254 must have a default route pointing to the firewall's LAN IP address (192.168.168.168) for the secondary subnet to be able to access the Internet through the SonicWall's connection.
- You can also establish static routes for the WAN, DMZ and additional interfaces as applicable, but only when the gateway router involved is a second router. The main WAN gateway router does not need static routes.
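The constraints in the first note can be checked before the route is committed. The following Python pre-check is an added example, not SonicWall code; the function name check_static_route and its parameters are assumptions, and the sample addresses are the ones used in this article.

```python
import ipaddress


def check_static_route(lan_ip, lan_mask, dest_net, dest_mask, gateway):
    """Return a list of problems with a planned IPv4 static route (empty = OK).

    Hypothetical helper: it only validates addressing, it does not talk to
    the appliance. A malformed address or mask raises ValueError.
    """
    problems = []
    lan_if = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}")
    lan = lan_if.network
    gw = ipaddress.ip_address(gateway)

    # The destination and mask must define a logical subnet (no host bits set).
    dest = ipaddress.ip_network(f"{dest_net}/{dest_mask}", strict=False)
    if dest.network_address != ipaddress.ip_address(dest_net):
        problems.append(f"{dest_net}/{dest_mask} has host bits set; subnet is {dest}")

    # The destination must not overlap the LAN subnet.
    if dest.overlaps(lan):
        problems.append(f"destination {dest} overlaps LAN subnet {lan}")

    # The gateway must be local to the LAN: a usable host address inside it
    # that is not the firewall's own LAN IP.
    if gw not in lan:
        problems.append(f"gateway {gw} is not in LAN subnet {lan}")
    elif gw in (lan.network_address, lan.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {lan}")
    elif gw == lan_if.ip:
        problems.append(f"gateway {gw} is the firewall's own LAN IP")
    return problems


if __name__ == "__main__":
    # Values from the article: LAN 192.168.168.168/24, router 192.168.168.254,
    # remote network 10.10.20.0/24.
    lan = ("192.168.168.168", "255.255.255.0")
    print(check_static_route(*lan, "10.10.20.0", "255.255.255.0", "192.168.168.254"))
    # Constructed bad input: destination inside the LAN, gateway outside it.
    for p in check_static_route(*lan, "192.168.168.128", "255.255.255.128", "10.10.20.1"):
        print("problem:", p)
```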