Thread Info
  • State Verified Answer
  • +14 person also asked this people also asked this
  • Locked Locked
  • Replies 139 replies
  • Answers 4 answers
  • Subscribers 63 subscribers
  • Views 73246 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Losing DHCP Gateway

Larnel Hight

This problem started with 17.5.0 GA.  The firewall is handling DHCP for my lan.  Users have started to lose the default gateway(the Firewall) randomly throughout the day.  I have to either reset the switch or the desktop network adapter in order to regain internet connectivity.  This does NOT happen to all users at the same time.

I updated to XG 115 SFOS 17.5.5 MR5 but the problem still exists.  This actually introduced another problem of not being able to access the gui from Sophos Central, but that's not as pressing.  Any thoughts on this would be appreciated.

Thanks

Larnel



This thread was automatically locked due to age.
  • 0 in reply to LuCar Toni

    On SFOS 17.5.7 MR7 Sophos Home licence

    iOS (iPad, iPhone) , Windows client are definitely affected. Those devices have static DHCP address on Sophos.

    But I couldn’t test all devices I have before changing it the “old” method

    Reverted to “old” method, all clients (iOS, Windows, MacOS,IOT...)work fine.

  • 0 in reply to deeptibhavsar

    Is this for Sophos XG hardware, white box, or both?

  • 0 in reply to LuCar Toni

    Hello LuCar Toni,

    This is in response to your question for details from those affected by the problem.  To begin, changing the DHCP generation method from NEW to OLD fixed the issue in the environment where we noticed degraded services. 

    In this environment, any device, regardless of type, appeared affected if it received a DHCP address, whether reserved or not.  Systems with statically assigned IP's (i.e., inter-networking devices, servers) were not affected.  Here are the device types:

    1. Windows 10 Workstations - This was difficult to diagnose as all workstations are exactly the same model.  My assumption and direction of attack was that this was a driver/hardware/OS-related problem.  Since the loss of the gateway was evident (the network connection icon presented a yellow caution icon), a release and renew would generally fix the problem, sometimes not.  Even after a cold boot, there'd often be no gateway.
    2. Allworx VoIP Phones - Linux-based.  This was not readily evident.  It was the phones that clued me into the DHCP service not working correctly.  When VoIP calls routed from one network to another, the calls would initiate (starting at the VoIP server) but parties could not talk to each other.  Cycling the power on the phones would generally resolve the problem.
    3. Printers - All printers, a mixture of Brother, HP, and Konica-Minolta, would become inaccessible.  These include both wired and wireless printers.  Cycling the power would generally resolve the problem.
    4. No Apple, Android, or other IoT devices are present on the network.

    From the Windows machines, doing an IPCONFIG would show the gateway as empty.  What is really interesting is that sometimes all network traffic from the device seemed affected when the gateway would be lost.  I often could not ping the device from another machine nor could the user access internal resources, like file shares and databases.  It was usually the fact that they could not access their ERP server, housed on a local server on the same subnet as the workstations, that would result in a call to me, not the fact that they couldn't get to the internet.  It did not always result in a loss of traffic, only sometimes.

    Here's a network configuration overview:

    • Firewalls - XG210 w/HA at one site; XG135's w/HA at two remote sites
    • DHCP - Exclusively provided by Sophos firewalls 
      • Almost all objects possess reservations
      • No MAC filtering (no whitelisting/blacklisting)
      • Domain is specified
      • Multiple DHCP ranges established
      • Each DHCP range is distributed on unique VLAN
      • Via command line, specified option 66 for VoIP phone DHCP
    • DNS - Exclusively provided by Sophos firewalls
    • Sites connected through site-to-site VPN
      • No DHCP relaying
      • Each site on unique subnet

    The firewalls were purchased and installed at the beginning of June with version 17.5.5 image pre-loaded.  Each of the three sites experienced the problem since the introduction of the firewalls into the network.  Since changing the generation method to OLD, everything has been solid.  I've since updated each firewall to version 17.5.7 but left the generation method as OLD so I haven't any idea if the issue persists with version 17.5.7.

  • 0 in reply to Mark Koenig

    Thanks a lot for that wrapping Mark.  Very Helpfull.

    Paul Jr

  • 0 in reply to Mark Koenig

    Mark,


    Did you power off and power on XG devices after upgrading to MR7 ?
    And DHCP still works well in OLD mode ?

    Regards
    Jan

  • 0 in reply to JanSadlik

    It's perplexing how much troubles this feature-less DHCP brings. The only thing it provides is an IP address !!!  Absolutely nothing more.  How many lines of codes there is in a DHCP module ? Few hundreds ???  And you can find OpenSource code everywhere.  No need to re-write from A to Z.  There must be something I seriously miss here !!!

    This problem existed for many month now.  Is it gonna last a full year ?

    And for what it is, what is an "old" and "New" mode anyway ?  And why it is required for such a basic and simple DHCP task ? Anyone has a clue ???

    I am not that much hit since I'm using either static addresses or Windows Server DHCP.  But I'm getting very nervous for my IP phones.

    Paul Jr

  • 0 in reply to JanSadlik

    Hello Jan,

    After the upgrade, I just did a warm reboot.  Is it recommended to do a full power down?

    I upgraded to MR7 on 7/17 @ ~1:45 AM Arizona time.  I see no loss events on the handful of machines I've looked at so far.  The DHCP method is still OLD.  It appears to be working as expected.  Actually, I see absolutely no loss events since 7/10/2019 @ 6:30 PM when I changed the method to OLD. 

    As for it working well, yes, it appears it is.  All settings are propagated correctly, including option 66 for the phones.  I'm going to keep going through the log files on the devices to see if anything jumps out at me.  I'll report back when I'm done.

    Mark Koenig

  • 0

    Hi everyone

    I just update my XG125w to (SFOS 17.5.7 MR-7) version, and still presist that problem. ipconfig /renew is the solutions in workstations.

    the event then update it was in a workstations, for now.

     

    any help?

    carlos espinola

  • 0

    Throwing my info here because it's happening to me. Copied a backup to a new hardware, with the latest firmware and I now have this issue which I did NOT have before on 16.0.5

    Imported backup to XG105w rev 3 (SFOS 17.5.7 MR-7) from previous hardware XG105 rev2 16.0.5

    This is honestly turning me away from Sophos XG this is disgusting.

    It's as if the development team is in shambles and run by 2 people, and one is working on other stuff.

    Almost all computers at a client site (45) lost their default gateway this morning and they had to reboot all of them. We have all kinds of models, HP, Dell, Lenovo etc. The only computers that it didn't happen for were one I had a fixed IP on and another that is a Lenovo desktop (DHCP). 98% are Windows 10, latest build. The one that kept the default gateway the Lenovo is also Windows 10 latest build though.

  • 0 in reply to apalm123

    I should also add that just maybe, it is maybe related, but at 6am this morning, I also got an email alert: What happened: Firewall lost connection to Sophos Central.

    But that shouldn't make default gateway dissapear on client machines. and the internet was up just fine when everyone got in around 8-8:30 but the computers weren't connecting because of the default gateway issue.