"Default gateway does not belong to the same subnet..." message while configuring static IPv4 on the NIC

Hi there,
I am running a Server 2008/2012 Windows domain with Win 8.1/10 clients. I am in the process of making my Sophos firewall SG310 (10.10.10.6) the default gateway for my users.
I am running three subnets:
10.10.10.0/24
10.10.2.0/23
10.10.10.0/23
On my DHCP server I have been publishing 10.10.10.254 as my router address till now, so my clients' IPv4 config looks like:
IP address: 10.10.10.5
subnet mask: 255.255.255.0
default gateway: 10.10.10.254
DNS: .........
Whenever I put the static IPv4 config into a test client as:
IP address: 10.10.10.5
subnet mask: 255.255.255.0
default gateway: 10.10.10.6 (Sophos firewall SG310)
It gives me "DG does not belong to the same subnet..."

Purpose:
1) I want each and every client's traffic on my domain to go through my Sophos firewall SG310 for filtering purposes.
2) If any user purposely changes the IPv4 settings on a client to my previous settings, with my router address as DG, they will not get the internet.

Physical:
My Sophos firewall sits behind my router, and till now things work great as a firewall, but for filtering I need to make this Sophos firewall the gateway.
What should I do so that the subject warning is not generated and my Sophos firewall becomes the DG of my domain?

Need help
Asked by: amanzoor (Network infrastructure Admin)

Andy S commented:
You have 2 overlapping subnets, 10.10.10.0/24 & 10.10.10.0/23 - I assume your router is configured with the /23 subnet mask and the workstations are in the /24 - so they don't match and are prompting with the error - change one of the ranges and see how you go.
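
The overlap Andy S describes and the same-subnet test the warning text refers to, as an added example that is not part of the thread. It uses the subnets and addresses from the question; the gateway 10.10.11.254 is a constructed value chosen to show a mask mismatch.

```python
import ipaddress
from itertools import combinations

# Subnets exactly as listed in the question.
SUBNETS = ["10.10.10.0/24", "10.10.2.0/23", "10.10.10.0/23"]


def find_overlaps(cidrs):
    """Return every pair of planned subnets whose address ranges overlap."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def gateway_on_link(ip, mask, gateway):
    """True when the gateway lies inside the subnet given by the host IP and mask."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    return ipaddress.ip_address(gateway) in iface.network


def audit_host(ip, mask, gateway, cidrs):
    """List the problems in one static config, checked against the subnet plan."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    findings = []
    if not gateway_on_link(ip, mask, gateway):
        findings.append(f"gateway {gateway} is outside {iface.network}")
    # A planned subnet that contains the host but has another prefix length
    # means host and router disagree about which addresses are on-link.
    for net in map(ipaddress.ip_network, cidrs):
        if iface.ip in net and net.prefixlen != iface.network.prefixlen:
            findings.append(f"host uses /{iface.network.prefixlen} but plan has {net}")
    return findings


if __name__ == "__main__":
    print(find_overlaps(SUBNETS))
    # 10.10.10.6 is the firewall address from the question;
    # 10.10.11.254 is a constructed gateway that only fits the /23.
    for gw in ("10.10.10.6", "10.10.11.254"):
        for mask in ("255.255.255.0", "255.255.254.0"):
            print(gw, mask, audit_host("10.10.10.5", mask, gw, SUBNETS))
```
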

noci (Software Engineer) commented:
Indeed, for a network you need to have all netmasks the same for the same (sub)net.
Use filters on a router to prevent other uses.
amanzoor (Network infrastructure Admin, Author) commented:
AndyS:
Thanks for the reply. I will use /23 and let you know.

noci:
****Use filters on a router to prevent other uses**** If I understand it well, it means that if a user changes to a static IP with the router IP as the default gateway, they will not go on the internet. If this is what it means, what is the command to enable this? Need help
noci (Software Engineer) commented:
If you want some systems (ip addresses) not reaching the internet you need filters on the gateway to the internet that block traffic for those systems.
You should have all systems use the same netmask, default gateway.

Changing the default gateway *SHOULD* break things, not get you more access.
amanzoor (Network infrastructure Admin, Author) commented:
Thanks guys.  Appreciate it.