
Losing DHCP Gateway

This problem started with 17.5.0 GA.  The firewall is handling DHCP for my LAN.  Users have started to lose the default gateway (the firewall) randomly throughout the day.  I have to either reset the switch or the desktop network adapter in order to regain internet connectivity.  This does NOT happen to all users at the same time.

I updated to XG 115 SFOS 17.5.5 MR5 but the problem still exists.  This actually introduced another problem of not being able to access the GUI from Sophos Central, but that's not as pressing.  Any thoughts on this would be appreciated.

Thanks

Larnel



This thread was automatically locked due to age.
  • Do other people mark this as solved with MR8? I still have the feeling that this issue is there.

    I'm getting an IP, gateway and DNS from DHCP but I'm not able to ping to the internet directly; pinging or browsing a local SMB share works instantly. Looks like DNS is not able to resolve right away. We use our internal server for DNS.

    After an ipconfig /renew command it is working again, or just waiting a few minutes also solves the problem.

  • Mine has been good for about a month since I switched to the old DHCP method. I looked today and there is a new firmware update, but the only fix it mentions closest to the problem is about wifi.

    "NC-48031 [Interface Management] Wifi client did not get gateway and other config after reboot until enable and re-enable the wifi on client."

    Later I will upgrade, which I heard defaults back to the new method, and then I will see what happens.  Here is the rest about the latest firmware update.


    A new firmware 17.5.8 MR-8 is available. We strongly recommend that you upgrade the device.
    Version
    • SF 17.5 MR8 (17.5.8.539)
    News
    • Maintenance Release.
    Resolved issues
    • NC-47055 [Authentication] Support >48 characters password length for Radius Server.
    • NC-46680 [Certificates] Completing CSR with certificate breaks SSL VPN.
    • NC-48512 [Dynamic Routing (PIM)] Multicast traffic getting stopped after update of interface.
    • NC-39749 [Email] Use FQDN in Quarantine Digest.
    • NC-40831 [Email] Add capability to increase size of Mail Quarantine area in UI.
    • NC-45305 [Email] SPX related reports not being displayed on the GUI .
    • NC-48542 [Email] Potential RCE via arbitrary file creation vulnerability.
    • NC-49003 [Email] Custom ports for SMTP proxy stopped working after 17.5.
    • NC-46938 [FQDN] FQDNd doesn't update/create ipset.
    • NC-46401 [Import-Export Framework] "/conf" partition is at 100% .
    • NC-47095 [Interface Management] TSO changes are not permanent in HA.
    • NC-48031 [Interface Management] Wifi client did not get gateway and other config after reboot until enable and re-enable the wifi on client.
    • NC-48487 [IPS Engine] Postgres taking high CPU.
    • NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting.
    • NC-46079 [Logging Framework] Garner coredump on aux node following upgrade to 17.5 MR3.
    • NC-46780 [Logging Framework] Reports not being generated when Email Notification feature is enabled.
    • NC-46879 [Sandstorm] Add support for Sandstorm's Frankfurt data centre.
    • NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule.
    • NC-43625 [UI Framework] Adding VLAN interface fails in IE in HA Active-Active mode.
    • NC-45371 [UI Framework] Incorrect UI behavior for Web User Activities.
    • NC-45495 [Web] Policy Tester UI and overlay issues.
    • NC-45724 [Web] Full file download retry failure after 416 (Range Not Satisfiable) being returned by proxy.
    • NC-47626 [Web] Web category "Hacking" should be classified as "Objectionable" instead "Acceptable".
    • NC-47075 [Wireless] Export of the WirelessAccessPoint does not contain the Group .
    • NC-47115 [Wireless] WirelessAccessPoint includes the wrong value for .
    • NC-47738 [Wireless] XML import is failing for wireless config failing when RADIUS Server and Pending Access Points data is present in import file
  • I run MR8 on new DHCP method since MR8 was released.

    Runs smoot up to now.

    Paul Jr

  • Big_Buck said:

    I run MR8 on new DHCP method since MR8 was released.

    Runs smoot up to now.

    Paul Jr

     

     

    I AM SMOOT!!  Thank god our appliances cannot speak [:P]  [;)]

  • Our Ip phone subnet was down this morning.  Oops ...

    Revert back to Old method ...

    Paul Jr

  • Thanks for posting. So apparently the fix they did in this version, MR8, was literally only for wifi like it said... was hoping for it to be across all LAN.

  • I reverted back to OLD method as a preventive measure.  DHCP still failing is not a certainty by any means.  We'll see if that subnet/interface freezes again tomorrow.

    Paul Jr 

  • Oh interesting okay so maybe it's something else or maybe it's DHCP issue again in newest firmware. Off topic, but I know there's a command to disable SIP ALG which helped me once with VOIP subnet issues like that.

  • Could not observe this issue on LAN anymore. The bug title is a little bit off, so it means it should be resolved for both clients.

    Sophos DEV found this issue first in wireless clients, so the description was "wifi clients". But it was also fixed for LAN clients (basically the DHCP Server got fixed).

    My XGs run with new.

    Did somebody else observe this issue in new?


    SIP: https://community.sophos.com/kb/en-us/123523

  • I updated another client that was previously still on release 17.0. I did not have this issue before; after the update to MR8 I have new clients via wifi that seem to receive an IP, subnet, gateway and DNS but cannot resolve DNS right away. It takes a few minutes or disabling/enabling the wifi adapter to fix this.

    So for me it does not seem resolved.

    The wifi runs via Sophos AP55c with firmware 11.0.009 and is bridged to AP LAN. Our Windows server is set as DNS.

  • Hi Tony,

    How does your Windows server DNS relate to the XG DNS? Doesn't sound like a DHCP issue but more of a DNS configuration issue.

    Ian

  • Hello

    Here there are always 15-minute glitches when DHCP is reset while desktops and all are still running.  Additionally, my old HP switch used to have ARP table headaches on DHCP reset.

    So when I do things like these, it's always after-hours, or minimally at lunch.

    Paul Jr

  • I have this issue on multiple sites; before the upgrade to MR8 I didn't have any issues and after upgrading to MR8 I have. So there is something that has happened after 17.5.5 was released that caused this.

    I also have a few clients still before 17.5.4 and they have the same setup, Windows 2016 as DNS, with zero problems. I am sure that whenever I update their XG I will have the exact same issue.

    On one site with an XG set as DNS on 17.5.8 I have not yet encountered this issue, so it seems like an issue where the DNS is on another device maybe?

    Internet rule is set to LAN to WAN any any with http scanning and generalpolicy IPS.

  • We need to figure out if you basically have this issue or something else.

    Can you find an MR8 XG with clients behind it with the following symptoms:

    ifconfig shows an IP but no DNS / Gateway IP

    ipconfig /renew resolves this issue for this client

    Some clients, not all clients, are affected at the same time?

  • Hi Tony,

     

    When this issue occurs, the client has got an IP, gateway and DNS.

    A renew fixes it right away, or disabling/enabling the NIC also does the trick.

    Clients that are on have no issues; this only occurs when they boot up. Lease is set to default, which is 8 days.

    Most users don't notice this, because they can browse the network shares just fine, and by the time they open a web browser it has already fixed itself (because it takes maybe 2 minutes to be able to ping the "outside world").