How to create Static route using Command Line Interface

Description

If you have routers attached to your interfaces and want to reach the computers behind them, you need to configure static routes on the SonicWall security appliance on the Network | Routing page. Static route policies create static routing entries that make decisions based on source address, source netmask, destination address, destination netmask, service, interface, gateway and metric.

In this example, a NAT-enabled SonicWall UTM appliance is configured with a LAN IP of 192.168.168.168 / 255.255.255.0, and the computers on the LAN network are in the same IP range. The local router has the IP address 192.168.168.254 /24 with 192.168.168.168 as its gateway IP, and connects to another network numbered 10.10.20.x.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that differ from SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.


Log in to the appliance via the CLI by following this guide: How to login to the appliance using the Command Line Interface (CLI)

  • Type configure to enter the device configuration mode.
  1. Create Address Objects
    • The following commands create a new address object for the IP subnet 10.10.20.0/24 in the LAN zone.

      config (C0EAE45C02DC) # address-object ipv4 "Network Behind Router"
      (add-ipv4-address-object [Network Behind Router]) # network 10.10.20.0 255.255.255.0
      (add-ipv4-address-object [Network Behind Router]) # zone LAN
      (add-ipv4-address-object [Network Behind Router]) # commit
      % Applying changes ...
      %changes made .
      (edit-ipv4-address-object [Network Behind Router]) # exit

    • The following commands create a new address object for the IP host 192.168.168.254 in the LAN zone.

      config (C0EAE45C02DC) # address-object ipv4 "Router IP"
      (add-ipv4-address-object [Router IP]) # host 192.168.168.254
      (add-ipv4-address-object [Router IP]) # zone LAN
      (add-ipv4-address-object [Router IP]) # commit
      % Applying changes ...
      %changes made .
      (edit-ipv4-address-object [Router IP]) # exit

  2. Create Static Route
    • The following commands create a static route on the X0 interface for the destination subnet 10.10.20.0 /24 behind the router with IP 192.168.168.254.

      config(C0EAE45BFFF0)# routing
      (config-routing)# route-policy interface X0 metric 1
      (add-route-policy)# source any
      (add-route-policy)# destination name "Network Behind Router"
      (add-route-policy)# service any
      (add-route-policy)# gateway name "Router IP"
      (add-route-policy)# commit
      % Applying changes...
      % Status returned processing command:
      commit
      % Changes made.
      (edit-route-policy)# exit
      (config-routing)# exit

The new static route then appears in the SonicWall management interface under MANAGE | Network | Routing | Route Policies.

Notes:

  • The destination network and mask must define a logical subnet which doesn't overlap the LAN subnet. The gateway must be local to the LAN.
  • The router at 192.168.168.254 must have a default route pointing to the firewall's LAN IP address (192.168.168.168) for the secondary subnet to be able to access the internet through the SonicWall's connection.
  • You can also establish static routes for the WAN, DMZ and additional interfaces as applicable, but only if the gateway router involved is a second router, not the main WAN Gateway router, for which you will not need static routes.
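
The first two notes can be checked before anything is committed on the appliance. The following Python is an added example, not SonicWall code: the function names are hypothetical, the check against the firewall's own LAN IP is an extra assumption, and the command list it returns simply reuses the SonicOS 6.5 sequence shown above.

```python
import ipaddress

def validate_static_route(fw_lan_ip, lan_mask, dest_net, dest_mask, gateway):
    """Return a list of problems; an empty list means the notes are satisfied."""
    fw = ipaddress.ip_interface(f"{fw_lan_ip}/{lan_mask}")
    lan = fw.network
    try:
        # strict=True rejects an address/mask pair with host bits set,
        # i.e. one that does not define a logical subnet.
        dest = ipaddress.ip_network(f"{dest_net}/{dest_mask}", strict=True)
    except ValueError as exc:
        return [f"destination is not a logical subnet: {exc}"]
    gw = ipaddress.ip_address(gateway)
    problems = []
    if dest.overlaps(lan):
        problems.append(f"destination {dest} overlaps LAN subnet {lan}")
    if gw not in lan:
        problems.append(f"gateway {gw} is not local to LAN subnet {lan}")
    elif gw == fw.ip:
        # Extra sanity check, not stated in the article.
        problems.append(f"gateway {gw} is the firewall's own LAN IP")
    return problems

def build_route_commands(fw_lan_ip, lan_mask, dest_net, dest_mask, gateway,
                         interface="X0", metric=1):
    """Validate, then return the SonicOS 6.5 command sequence shown above."""
    problems = validate_static_route(fw_lan_ip, lan_mask, dest_net, dest_mask, gateway)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        'address-object ipv4 "Network Behind Router"',
        f"network {dest_net} {dest_mask}", "zone LAN", "commit", "exit",
        'address-object ipv4 "Router IP"',
        f"host {gateway}", "zone LAN", "commit", "exit",
        "routing",
        f"route-policy interface {interface} metric {metric}",
        "source any", 'destination name "Network Behind Router"',
        "service any", 'gateway name "Router IP"', "commit", "exit", "exit",
    ]

if __name__ == "__main__":
    # Values from the article's example topology.
    for cmd in build_route_commands("192.168.168.168", "255.255.255.0",
                                    "10.10.20.0", "255.255.255.0", "192.168.168.254"):
        print(cmd)
```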


Resolution for SonicOS 6.2 and Below

The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.

Log in to the appliance via the CLI by following this guide: How to login to the appliance using the Command Line Interface (CLI)

  • Type configure to enter the device configuration mode.
  1. Create Address Objects
    • The following commands create a new address object for the IP subnet 10.10.20.0/24 in the LAN zone.

      config (C0EAE45C02DC) # address-object ipv4 "Network Behind Router"
      (add-ipv4-address-object [Network Behind Router]) # network 10.10.20.0 255.255.255.0
      (add-ipv4-address-object [Network Behind Router]) # zone LAN
      (add-ipv4-address-object [Network Behind Router]) # commit
      % Applying changes ...
      %changes made .
      (edit-ipv4-address-object [Network Behind Router]) # exit

    • The following commands create a new address object for the IP host 192.168.168.254 in the LAN zone.

      config (C0EAE45C02DC) # address-object ipv4 "Router IP"
      (add-ipv4-address-object [Router IP]) # host 192.168.168.254
      (add-ipv4-address-object [Router IP]) # zone LAN
      (add-ipv4-address-object [Router IP]) # commit
      % Applying changes ...
      %changes made .
      (edit-ipv4-address-object [Router IP]) # exit

  2. Create Static Route
    • The following commands create a static route on the X0 interface for the destination subnet 10.10.20.0 /24 behind the router with IP 192.168.168.254.

      config (C0EAE45C02DC) # routing
      (config-routing-policy) # policy interface X0 metric 1
      (add-routing-policy) # source any
      (add-routing-policy) # destination name "Network Behind Router"
      (add-routing-policy) # service any
      (add-routing-policy) # gateway name "Router IP"
      (add-routing-policy) # commit
      % Applying changes ...
      %changes made .
      (edit-routing-policy) # exit
      (config-routing-policy) # exit


The new static route then appears in the SonicWall management interface under Network | Routing.

Notes:

  • The destination network and mask must define a logical subnet which doesn't overlap the LAN subnet. The gateway must be local to the LAN.
  • The router at 192.168.168.254 must have a default route pointing to the firewall's LAN IP address (192.168.168.168) for the secondary subnet to be able to access the Internet through the SonicWall's connection.
  • You can also establish static routes for the WAN, DMZ and additional interfaces as applicable, but only if the gateway router involved is a second router, not the main WAN Gateway router, for which you will not need static routes.
