Netgate Discussion Forum

    How to set up Static Routes?

    Routing and Multi WAN
    • GreenToast

      Hello all,

      I need to set up a static route for certain traffic for a vpn connection. Hopefully here is enough information.

      For our business system I'm being told the following:

      "You will need to add a route in the PFSense that reads as follows: From Any to 10.8.10.0/24 for any-port, next-hop 192.168.1.1"

      Below is probably more than is needed, but I figure too much info is better than stringing out a topic to 10 pages asking questions back and forth.

      Our current hardware setup: We currently have a SonicWall unit that is acting as our firewall, router, and VPN connection for an offsite business system (we are required by the system provider to use this unit to connect to their system) for all traffic. All internal, internet and VPN traffic is handled by this unit.

      Our planned future setup: Use the SG3100, we just got today, as our firewall and router (for all local and web traffic). Use the SonicWall for the vpn connection only.

      Our setup will have an unmanaged switch between the SG3100, the SonicWall and the cable modem. There will be a cable from the modem to the switch, from the switch to the SG3100, from the switch to the SonicWall and from the SonicWall to the SG3100.

      Any and all help will be GREATLY appreciated.

      On a side note: If I can use the "Opt1" port on the SG3100 for the connection to the SonicWall, that will help with the rest of my network physical setup.

      • viragomann

        I think I've seen that post before.
        Have you got a second SG3100 now?

        @GreenToast:

        Our planned future setup: Use the SG3100, we just got today, as our firewall and router (for all local and web traffic). Use the SonicWall for the vpn connection only.

        Our setup will have an unmanaged switch between the SG3100, the SonicWall and the cable modem. There will be a cable from the modem to the switch, from the switch to the SG3100, from the switch to the SonicWall and from the SonicWall to the SG3100.

        A schematic drawing of your setup with IPs would bring some light in that here.
        Also a description what's the goal of the static route.

        • johnpoz LAYER 8 Global Moderator

          "If I can use the "Opt1" port on the SG3100 for the connection to the SonicWall, that will help with the rest of my network physical setup."

          Yeah you would connect any sort of other router via a transit network.. So yes using optX interface would be good for that.

          You then just create static routes down the transit network to use the sonicwall.

          But really with viragomann  here - drawing is worth 10K words.. Please draw up how your network is currently and how you believe it should look in FMO..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • GreenToast

            I have attached an image showing our current and planned maps. The "Ports" list on the links to the SG3100 refer to the ports on the SG3100 only. I hope this helps. The goal of the static route is: Our business system uses a terminal emulator to connect to an offsite server. I need to point all 10.8.10.0/24 traffic to the SonicWALL (Hopefully on OPT1 Port) and all other traffic to the WAN port. The reason for this is our business system provider requires us to use their SonicWALL for the VPN connection. For their security reasons, we are not allowed to have any access to the SonicWALL to make any changes.

            network-map.jpg

            • johnpoz LAYER 8 Global Moderator

              What network is on the wan port? You're behind a cable modem so you get multiple public IPs from your ISP, or is that really a gateway doing nat? And this wan network some rfc1918 space?

              Is that switch smart or just a dumb switch so your pfsense and sonic wall sharing the same layer 2 network?

              But sure such a setup is very possible,  But if you can not make any changes on the sonic wall you would have to nat the traffic..  And you would not be able to have 192.168.1 on your lan and your opt network.

              You would need your lan to use a different network than what sonicwall is currently using..

              • GreenToast

                The network on the WAN port is just the switch (Dumb switch)
                We currently have a single static IP but we will have 5 once this is implemented.
                The purpose of the dumb switch on the WAN port is for connecting multiple devices to the Cable modem.
                The SG3100 will have one static IP and the SonicWALL will have its own.

                • johnpoz LAYER 8 Global Moderator

                  Great.. What is that network behind the sonicwall… You can not route to it from pfsense if it's going to be the same network as pfsense 192.168.1 lan network.. If you can not set up this sonic wall network, then the network you put behind pfsense is going to have to be something different.

                  • GreenToast

                    Physically speaking, nothing is behind the SonicWALL. It will have its own IP address (not sure what it will be just yet). It will also no longer have DHCP turned on. Its only reason to exist is to maintain the VPN tunnel to our business system.

                    • johnpoz LAYER 8 Global Moderator

                      You stated you can not make changes to the sonicwall.. So you can get them to put whatever IP on it you want?  Will they be able to put routes on it for you?  Or you going to have to nat..

                      • GreenToast

                        They will change its IP address. I assume it can be anything I want. The only routes they will set up on the SonicWALL is whatever they need for the vpn tunnel. I'm hoping to set up pfSense to route all 10.8.10.0/24 traffic to the SonicWALL and everything else will go through the SG3100.

                        • georgeman

                          The planned configuration looks fine, but bear in mind that you would need to add static routes to the SonicWall as well so it can route the packets back. As is, the SonicWall does not know where your LAN segment is.

                          There are multiple solutions for this depending on how much you can tinker with the SonicWall. Your planned configuration is my favorite, but if you cannot add static routes on it, you can also NAT on pfSense's OPT1. Or you can leave the SonicWall directly hanging on your LAN (with some security considerations) and the single static route on pfSense would do the trick.

                          If it ain't broke, you haven't tampered enough with it
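
The constraints raised in this thread (LAN and OPT1 cannot both sit on 192.168.1.x, and without NAT on OPT1 the SonicWall needs a route back to the LAN) can be checked on paper before any cabling changes. This is an added example, not code from any poster or from pfSense; the function name `check_plan`, the LAN subnet 192.168.10.0/24 and the pfSense OPT1 address 192.168.1.2 are assumptions chosen for illustration.

```python
import ipaddress as ip

def check_plan(ifaces, routes, lan_names, peer_routes=(), nat_on=()):
    """Return a list of problems in a planned pfSense static-route layout.

    ifaces      {name: "addr/prefix"} for pfSense's connected interfaces
    routes      [(destination, next_hop)] static routes to add on pfSense
    lan_names   interfaces whose clients will use those routes
    peer_routes networks the next-hop router routes back towards pfSense
    nat_on      interfaces where pfSense source-NATs outbound traffic
    """
    nets = {n: ip.ip_interface(a).network for n, a in ifaces.items()}
    names = sorted(nets)
    problems = []
    # Two connected interfaces cannot carry the same or overlapping subnets.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for dest, hop in routes:
        dest, hop = ip.ip_network(dest), ip.ip_address(hop)
        # The next hop must sit on exactly one directly connected network.
        via = [n for n in names if hop in nets[n]]
        if len(via) != 1:
            problems.append(f"next hop {hop} for {dest} matches {len(via)} interfaces")
            continue
        if via[0] in nat_on:
            continue  # replies return to pfSense's own address on that link
        # Without NAT the peer needs a route back to every client network.
        back = [ip.ip_network(r) for r in peer_routes]
        for lan in lan_names:
            if not any(nets[lan].subnet_of(r) for r in back):
                problems.append(f"no return route on peer for {lan} {nets[lan]}")
    return problems

VPN = [("10.8.10.0/24", "192.168.1.1")]  # the route quoted in the first post
# Constructed addressing: LAN renumbered, OPT1 is the transit link to the SonicWall.
GOOD = {"LAN": "192.168.10.1/24", "OPT1": "192.168.1.2/24"}
# Constructed addressing: LAN left on the subnet the SonicWall already uses.
BAD = {"LAN": "192.168.1.254/24", "OPT1": "192.168.1.2/24"}

if __name__ == "__main__":
    print(check_plan(BAD, VPN, ["LAN"]))                    # overlap, ambiguous hop
    print(check_plan(GOOD, VPN, ["LAN"]))                   # peer lacks return route
    print(check_plan(GOOD, VPN, ["LAN"], nat_on=["OPT1"]))  # NAT on OPT1
    print(check_plan(GOOD, VPN, ["LAN"], peer_routes=["192.168.10.0/24"]))
```
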

                          • GreenToast

                            They will configure the sonicwall on their end; I just need to make sure that pfsense is routing correctly on my end.
