Create IPsec route on Sophos Firewall

Normally, the firewall itself recognizes which tunnel it should send the traffic through. After all, you specified the remote network when you created the tunnel, so the information is known. This holds at least for a policy-based VPN; with a route-based VPN, a static route must be created manually.

If the firewall nevertheless does not send the traffic through the IPsec tunnel, but into the WAN or somewhere else, you can create an IPsec route to define the path exactly.

To do this, connect to the Firewall Console and create the route:

system ipsec_route add host 10.33.46.69 tunnelname Azure_CH
system ipsec_route add net 10.33.46.0/255.255.255.0 tunnelname Azure_CH

To list the configured IPsec routes, use the following command:

system ipsec_route show
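
The commands above take a network as address/dotted netmask, while address plans are usually kept in CIDR notation. As an added example (not part of the original article and not Sophos tooling), this Python helper turns a list of IPv4 prefixes into the console lines shown above. The function name, the tunnel-name character restriction and the sample prefixes are assumptions made for the example.

```python
import ipaddress
import re

# Assumption: tunnel names are restricted here to letters, digits, "_" and "-"
# so that nothing unexpected ends up in a line pasted into the console.
_TUNNEL_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def ipsec_route_commands(tunnel, prefixes):
    """Build 'system ipsec_route add ...' lines for IPv4 prefixes (CIDR or bare host)."""
    if not _TUNNEL_RE.match(tunnel):
        raise ValueError(f"unexpected tunnel name: {tunnel!r}")

    nets = []
    for entry in prefixes:
        # strict=True rejects entries such as 10.33.46.69/24 (host bits set),
        # a typo that would otherwise silently route a different range.
        net = ipaddress.ip_network(entry.strip(), strict=True)
        if net.version != 4:
            raise ValueError(f"only IPv4 is handled in this example: {entry}")
        nets.append(net)

    commands = []
    # collapse_addresses drops duplicates and prefixes already covered by a
    # wider one, and merges adjacent prefixes, so each range is routed once.
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            target = f"host {net.network_address}"
        else:
            target = f"net {net.network_address}/{net.netmask}"
        commands.append(f"system ipsec_route add {target} tunnelname {tunnel}")
    return commands


if __name__ == "__main__":
    # Constructed sample input: remote ranges reachable via the Azure_CH tunnel.
    sample = ["10.33.46.0/24", "10.33.46.69", "10.33.50.7/32"]
    for line in ipsec_route_commands("Azure_CH", sample):
        print(line)
```

Run `system ipsec_route show` after pasting the generated lines to confirm that each range is bound to the intended tunnel.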