
Losing DHCP Gateway

This problem started with 17.5.0 GA.  The firewall is handling DHCP for my LAN.  Users have started to lose the default gateway (the firewall) randomly throughout the day.  I have to either reset the switch or the desktop network adapter in order to regain internet connectivity.  This does NOT happen to all users at the same time.

I updated to XG 115 SFOS 17.5.5 MR5 but the problem still exists.  This actually introduced another problem of not being able to access the GUI from Sophos Central, but that's not as pressing.  Any thoughts on this would be appreciated.

Thanks

Larnel



  • The same thing is happening to me with 17.5.7. However, I just switched to Google Fiber, who changes the public IP every couple of days or something. I thought that was the problem and Sophos was not picking up my new public IP, and it could possibly be the problem because I lost connection after I rebooted the modem and I am guessing I got a new IP at that time. It happened again this morning and I did not do anything, but again maybe I got a new IP overnight. Guess I will start tracking that. So after I didn't have connection in the morning, I rebooted the Sophos and did ipconfig /release and renew and this fixed it. Next time I will just do release renew to see what happens.

  • Can someone please tell me if you are able to still use all of the advanced DHCP options even with the DHCP method set to "old"? No issues?

     

    I'm planning to turn a few on for a vlan project on a new XG, not ordered yet, but I'm going to need to be in the old dhcp setting to avoid this other issue we are discussing.

  • For my curiosity, what do you consider as an "advanced option" in an XG DHCP?

    Paul Jr

  • These types of options: https://community.sophos.com/kb/en-us/123529

     

    This article describes the detailed configuration of DHCP Option Objects and their application to the static or dynamic DHCP scopes in Sophos XG Firewall. The DHCP server options feature provides support for all DHCP option objects, i.e., 1 to 255. This feature supports the following standards:

    • RFC 2131 - Dynamic Host Configuration Protocol
    • RFC 2132 - DHCP Options and BOOTP Vendor Extensions Standards
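
Added example, not part of any post in this thread and not Sophos code: a Python check that parses the RFC 2132 options of a DHCP server reply and reports whether the Router option (3), which supplies the client's default gateway, is present. It assumes the reply's UDP payload has been captured on an affected client; the sample packets and addresses are constructed, and the thread does not establish that the firewall's replies omit this option.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: marks the start of the options field
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_END = 0, 3, 53, 255
DHCPACK = 5

def parse_options(packet: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP payload (UDP data)."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # single byte, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value   # RFC 3396: repeated options concatenate
        i += 2 + length
    return opts

def lease_summary(packet: bytes) -> dict:
    """Summarise what a server reply offers and whether a gateway is in it."""
    opts = parse_options(packet)
    yiaddr = str(ipaddress.IPv4Address(packet[16:20]))   # "your" (client) address
    raw = opts.get(OPT_ROUTER, b"")
    routers = [str(ipaddress.IPv4Address(raw[n:n + 4])) for n in range(0, len(raw) - 3, 4)]
    msg = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    return {"yiaddr": yiaddr, "is_ack": msg == DHCPACK, "routers": routers,
            "gateway_missing": msg == DHCPACK and not routers}

def build_ack(yiaddr: str, options: bytes) -> bytes:
    """Constructed sample reply: op=2 (BOOTREPLY), Ethernet, remaining fields zeroed."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4))
    return hdr + bytes(236 - len(hdr)) + MAGIC_COOKIE + options + b"\xff"

# Constructed samples (addresses are made up): same lease, with and without option 3
GOOD = build_ack("192.168.1.50", b"\x35\x01\x05\x01\x04\xff\xff\xff\x00\x03\x04\xc0\xa8\x01\x01")
BAD = build_ack("192.168.1.50", b"\x35\x01\x05\x01\x04\xff\xff\xff\x00")
```
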
  • Yes, but you are using CLI and not the GUI.  DHCP there is a module, possibly open source.

    When Sophos migrated their MTA to Exim, obviously, the CLI related to MTA functionalities must have changed significantly.  No?

    Anytime someone is doing CLI in XG, he risks losing setup if Sophos changes that module for something else.  Which may well happen when the core changes with v18.  Since it already happened with Exim and Strongswan.

    My two cents of theory.

    Does anyone know what open source code Sophos uses for that DHCP?

    Paul Jr

  • There is a bug in the current XG implementation of DHCP and you can choose to use the "OLD" or "NEW" methods of address assignment. Please read the full thread for details.

    Ian

  • That's the problem.  There aren't many details.  Besides reverting to an obscure "old" method.  Because an obscure "new" method has a problem.  No explanation since that bug appeared early April this year.

    Paul Jr

  • Just to clarify, I am using Sophos XG on a DIY PC that I installed Sophos on.

    So this morning I booted up 2 computers and had no internet.  ipconfig showed each PC had its normal private IP but no gateway.  Being tired of it, I went straight to the Sophos and changed to the old DHCP method by console> system dhcp conf-generation-method old.  I rebooted the Sophos and went ahead and did an ipconfig /renew on the PCs and everything was ok.  I turned on a 3rd PC that I had not turned on today and it had internet immediately after the old DHCP was turned on.  I will just have to wait and see if I have issues in the future.

     

    Here are my DHCP options after turning on the old method.

     

    --------------------------

    Sophos Firmware Version SFOS 17.5.7 MR-7

    console> system dhcp dhcp-options list
    Option Name Option Data Type
    =========================================================================================
    Time_Offset(2) Four Byte Numeric Value
    Time_Servers(4) Array of IP-Address
    IEN116_Name_Servers(5) Array of IP-Address
    Log_Servers(7) Array of IP-Address
    Cookie_Servers(8) Array of IP-Address
    LPR_Servers(9) Array of IP-Address
    Impress_Servers(10) Array of IP-Address
    Resource_Location_Servers(11) Array of IP-Address
    Host_Name(12) String
    Boot_Size(13) Two Byte Numeric Value
    Merit_Dump(14) String
    Swap_Server(16) IP-Address
    Root_Path(17) String
    Extension_Path(18) String
    IP_Forwarding(19) Boolean
    Non_Local_Source_Routing(20) Boolean
    Max_Dgram_Ressembly(22) Two Byte Numeric Value
    Default_IP_TTL(23) One Byte Numeric Value
    Path_MTU_Aging_Timeout(24) Four Byte Numeric Value
    Path_MTU_Plateau_Table(25) Array of Two Byte Numeric Values
    Interface_MTU(26) Two Byte Numeric Value
    All_Subnets_Local(27) Boolean
    Broadcast_address(28) IP-Address
    Perform_Mask_Discovery(29) Boolean
    Mask_Supplier(30) Boolean
    Route_Discovery(31) Boolean
    Router_Solicitation_Address(32) IP-Address
    Trailer_Encapsulation(34) Boolean
    ARP_Cache_Timeout(35) Four Byte Numeric Value
    IEEE802_3_Encapsulation(36) Boolean
    Default_TCP_TTL(37) One Byte Numeric Value
    TCP_Keepalive_Interval(38) Four Byte Numeric Value
    TCP_Keepalive_Garbage(39) Boolean
    NIS_Domain(40) String
    NIS_Servers(41) Array of IP-Address
    NTP_Servers(42) Array of IP-Address
    Vendor_Encapsulated_Options(43) String
    Netbios_DD_Server(45) Array of IP-Address
    Netbios_Node_Type(46) One Byte Numeric Value
    Netbios_Scope(47) String
    Font_Servers(48) Array of IP-Address
    X_Display_Manager(49) Array of IP-Address
    DHCP_Requested_Address(50) IP-Address
    DHCP_Lease_Time(51) Four Byte Numeric Value
    DHCP_Option_Overload(52) One Byte Numeric Value
    DHCP_Message_Type(53) One Byte Numeric Value
    DHCP_Parameter_Request_List(55) Array of One Byte Numeric Values
    DHCP_Message(56) String
    DHCP_Max_Message_Size(57) Two Byte Numeric Value
    DHCP_Renewal_Time(58) Four Byte Numeric Value
    DHCP_Rebinding_Time(59) Four Byte Numeric Value
    Vendor_Class_Identifier(60) String
    DHCP_Client_Identifier(61) String
    NWIP_Domain(62) String
    NISPlus_Domain(64) String
    NISPlus_Servers(65) Array of IP-Address
    TFTP_Server_Name(66) String
    Bootfile_Name(67) String
    Mobile_IP_Home_Agent(68) Array of IP-Address
    SMTP_Server(69) Array of IP-Address
    POP_Server(70) Array of IP-Address
    NNTP_Server(71) Array of IP-Address
    www_Server(72) Array of IP-Address
    Finger_Server(73) Array of IP-Address
    IRC_Server(74) Array of IP-Address
    Streettalk_Server(75) Array of IP-Address
    Streettalk_Dir_Asst_Server(76) Array of IP-Address