Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=routing-static-routing-add-unicast-route

Add a unicast route

You can configure the firewall to forward IPv4 and IPv6 unicast traffic.

Add a route

To add a unicast route, do as follows.

  1. Go to Routing > Static routes.
  2. Under IPv4 unicast route, click Add.
  3. Specify the destination IP address and subnet. You can enter an IP or network address.
  4. Under Gateway IP, enter the IP address of the next hop or gateway router to route packets to the destination IP address.

  5. Under Interface, select the interface through which traffic must exit.

    The firewall first matches the interface, then the gateway that can reach the destination.

    You can also select Blackhole to drop all traffic without notifying the source. If dynamic routing protocols, such as RIP, OSPF, and BGP, are configured to redistribute static routes, blackhole static routes also get redistributed. To avoid this, filter the blackhole static routes for each dynamic routing protocol.

    Note

    ARP requests are sent to identify the interface over which the destination IP address behind the peer RED is reachable. To make sure these requests reach the destination network, don't select an interface. Under Gateway, enter the IP address of the peer RED interface.

  6. Under Administrative distance, enter a number.

    The administrative distance is used to determine the preferred route when multiple routing protocols provide routes to the same destination. Lower values have higher priority.

    Example

    A route with an administrative distance of 1 is preferred over a route with a distance of 5.

  7. Under Metric, enter a number.

    The metric is used to determine the preferred route when multiple static routes have the same administrative distance. Lower values have higher priority.

    Example

    If two routes have the same administrative distance, the firewall selects the route with a metric of 10 instead of 20.

    Note

    To load-balance traffic to a destination over static IPv4 unicast routes, make sure the routes have the same administrative distance and metric values.

  8. Optional: Under Description, enter a route description.

  9. Click Save.
  1. Go to Routing > Static routes.
  2. Under IPv6 unicast route, click Add.
  3. Enter the destination IP address and prefix. You can enter an IP or network address.
  4. Under Gateway IP, enter the IP address of the next hop or gateway router to route packets to the destination IP address.

  5. Under Interface, select the interface through which traffic must exit. The firewall first checks the interface and then the gateway.

    Note

    ARP requests are sent to identify the interface over which the destination IP address behind the peer RED is reachable. To make sure these requests reach the destination network, don't select an interface. Under Gateway, enter the IP address of the peer RED interface.

  6. Under Metric, enter a number. It determines the best route among static routes.

  7. Click Save.

Useful information

  • If an interface or tunnel restarts, the route table only shows interface routes, that is, static routes for which you selected an interface.
  • Gateway routes appear when the firewall matches traffic with the destination address and gateway, then selects an interface to route it through.