All DHCP requests are blocked from port 68 -> 67

Hi all,

I'm seeing blocked DHCP requests like the following from time to time in the log:

2019-07-02 21:12:33 Firewall messageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="Port1.123" out_interface="" src_mac="xx:xx:xx:xx:xx:xx" src_ip="0.0.0.0" src_country="" dst_ip="255.255.255.255" dst_country="" protocol="UDP" src_port="68" dst_port="67" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"

Somehow my clients are working correctly (except for the known Gateway bug) and getting leases from my DHCP servers configured in XG.

But now I got a device that cannot get an IP from the DHCP at all. It is constantly blocked with messages like the one above.

How can this be solved?

(I'm running MR6 and I've activated the old conf-method for dhcp recently.)

Thanks and Best Regards

Dom Nik



  • Hi Dom,

    ports 67 and 68 broadcast and what you are seeing is the XG dropping those ports under rule 0. They are not an issue and you can ignore them or even disable the logging of port 0 rule data.

    If one device is not receiving an IP assignment, maybe you have run out of addresses?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    thanks for your reply.

    It's my VLAN for Guest WiFi with 50 addresses, none of them is in use right now.

    Assigning a fixed address to the device's MAC outside the DHCP range was not working either.

    If the logging is not showing the problem, how could I analyse the problem any further?

    Best Regards

    Dom

  • Hi Dom,

    what you are saying is the device is not connecting to the wifi correctly.

    The firewall only blocks outgoing traffic, not traffic within the internal network.

    In the logviewer look at the system view. Please post the full log entry showing the attempt failure.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    I solved the problem tonight.

    The blocked broadcast traffic was misleading a bit, but in fact it's not an issue on Sophos XG side.

    I had to disable "Block LAN to WLAN Multicast and Broadcast Data" (whitelisted the MAC of my XGs interface) in my Ubiquiti UniFi definition of the guest network. Somehow this one specific device had issues with this...

    Thanks a lot :-)

    Best Regards

    Dom
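
As an added example (not part of the thread and not Sophos code), this Python script parses entries in the key="value" format quoted in the first post and counts denied 68 -> 67 broadcasts per interface and MAC, which shows which client keeps retrying. The sample lines, MAC addresses, helper names and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# key="value" pairs, as in the log entry quoted in the first post
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_entry(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(PAIR_RE.findall(line))

def is_dhcp_broadcast_drop(fields):
    """True for a denied client broadcast from UDP 68 to UDP 67."""
    return (fields.get("log_subtype") == "Denied"
            and fields.get("protocol") == "UDP"
            and fields.get("src_port") == "68"
            and fields.get("dst_port") == "67"
            and fields.get("dst_ip") == "255.255.255.255")

def retrying_clients(lines, threshold=3):
    """Count drops per (in_interface, src_mac) and keep counts >= threshold.

    The threshold is an assumption of this example, not a Sophos setting.
    """
    counts = Counter()
    for line in lines:
        fields = parse_entry(line)
        if is_dhcp_broadcast_drop(fields):
            counts[(fields.get("in_interface", ""), fields.get("src_mac", ""))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def sample_line(ts, iface, mac, dst_port="67"):
    """Build a constructed, shortened entry in the format from the post."""
    return (f'{ts} Firewall messageid="02002" log_component="Appliance Access" '
            f'log_subtype="Denied" fw_rule_id="0" in_interface="{iface}" '
            f'src_mac="{mac}" src_ip="0.0.0.0" dst_ip="255.255.255.255" '
            f'protocol="UDP" src_port="68" dst_port="{dst_port}"')

# Constructed sample data: MAC addresses and timestamps are made up.
SAMPLE = (
    [sample_line(f"2019-07-02 21:12:{s}", "Port1.123", "02:00:00:00:00:01")
     for s in ("33", "37", "45", "59")]
    + [sample_line("2019-07-02 21:13:02", "Port1.10", "02:00:00:00:00:02"),
       sample_line("2019-07-02 21:13:05", "Port1.123", "02:00:00:00:00:01", "137")]
)

if __name__ == "__main__":
    for (iface, mac), n in retrying_clients(SAMPLE).items():
        print(f"{mac} on {iface}: {n} denied DHCP broadcasts")
```

A high count only shows that a client keeps broadcasting without getting a lease; as the thread concludes, the cause can sit outside the firewall.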