DHCP Relay

After the update to 19.0 DHCP Relay did not work anymore. The clients were no longer assigned an IP address. After I opened all DHCP Relay settings on Sophos XG and saved them again (without any change) it works again. I hope this was a one-time "update" problem and does not happen again after every failover...



  • Hey, ah, so this bug is still there in v19. I expected this. We've had it since moving from v17 to v18.

    Sometimes DHCP Server on XG will fail, sometimes DHCP Relay to Windows Server will fail.

    Re-Saving does not help on our XG, we need to delete and recreate a random DHCP Server or Relay to get it working again.

    Have a case open currently but no technical feedback after weeks.

    05158330 / 05128430

    I ask you to open a case and refer to my case no#

    Do you have CheckMK?

    We can see it in the DHCP Statistics on our Windows DHCP Server for Relay.

    issue start= clients not getting DHCP address

    issue fixed= we recreated one of a dozen DHCP Relays on XG

  • Likely it is actually a Flood Prevention of DHCP Relay and not a Bug.

    The point is: DHCP Relay has a Builtin Feature called Flood Protection. 

    If the DHCP Server was not reachable for the first DHCP requests, the relay will stop for some time to prevent a DHCP storm to the Servers. 

    This prevents networks from going down due to floods of DHCP requests which nobody answers.

    In all the cases I worked on, this was the case. The DHCP server was not reachable or did not answer for some reason.

    And this screenshot actually makes me wonder: Why are there so many requests in this window?

    A tcpdump of those requests in the affected area would help to see who is to blame. DHCP Relays work with the DHCP agent IPs. This means that if the server answers incorrectly, this could cause this. This is only provable in a tcpdump.


  • I have provided full network dumps to the case while the issue was happening.

    We have IPS Flood protection disabled on that XG.

    This happens throughout the day. I would say from my monitoring, there were no enormously high numbers of DHCP requests.

  • The Flood Protection is not the UDP Flood Protection. It is instead a flood protection of the service itself.

    So if you have a tcpdump, you should see the incoming requests, the forwarded requests with the DHCP agent IP and the packets going back. Where is the issue sitting in terms of DHCP Relay? Why is the client still requesting?
    You can read about DHCP Relays here: https://www.netmanias.com/en/post/techdocs/6000/dhcp-network-protocol/understanding-dhcp-relay-agents#:~:text=Relay%20Agent%20IP%20address%3A%20The,DHCP%20Discover%20message%20was%20received.

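The three legs named in the reply above (client request, forwarded request carrying the relay agent IP, server reply), as an added example that is not part of the original posts: a Python sketch that groups DHCP payloads from a capture by transaction ID and reports the last leg seen. The function names, the sample packets and the 192.0.2.1 relay address are constructed for illustration, and it assumes the UDP payloads were captured on both the client-side and server-side interfaces.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, RFC 2131

def parse_bootp(payload):
    """Return (op, xid, giaddr, message type) from a UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    op, xid = payload[0], struct.unpack("!I", payload[4:8])[0]
    giaddr = ".".join(str(b) for b in payload[24:28])  # relay agent IP
    mtype, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # pad has no length byte
            i += 1
            continue
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            mtype = payload[i + 2]                     # 1=DISCOVER, 2=OFFER, ...
        i += 2 + length
    return op, xid, giaddr, mtype

def locate_stall(payloads):
    """Per transaction ID, name the last leg of the relay path that was seen."""
    legs = defaultdict(set)
    for p in payloads:
        op, xid, giaddr, _ = parse_bootp(p)
        leg = "reply" if op == 2 else "client" if giaddr == "0.0.0.0" else "relayed"
        legs[xid].add(leg)
    verdict = {}
    for xid, seen in legs.items():
        if "reply" in seen:
            verdict[xid] = "server replied"
        elif "relayed" in seen:
            verdict[xid] = "forwarded, no server reply"
        else:
            verdict[xid] = "not forwarded by relay"
    return verdict

def build(op, xid, giaddr, mtype):
    """Constructed sample: fixed BOOTP header plus option 53 only."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000) + bytes(12)
    hdr += bytes(map(int, giaddr.split("."))) + bytes(208)
    return hdr + MAGIC + bytes([53, 1, mtype, 255])

SAMPLE = [build(1, 1, "0.0.0.0", 1),                               # never relayed
          build(1, 2, "0.0.0.0", 1), build(1, 2, "192.0.2.1", 1),  # no answer
          build(1, 3, "0.0.0.0", 1), build(1, 3, "192.0.2.1", 1),
          build(2, 3, "192.0.2.1", 2)]                             # full path
```

A transaction that ends at "not forwarded by relay" points at the relay itself, while "forwarded, no server reply" points at the path to the server or the server's handling of the agent IP.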

  • Good to know; but I have given up opening cases with Sophos. It's like talking to my wall, so it's a waste of time. Only this forum offers some help - with special thanks to LuCar Toni - but Sophos support doesn't even deserve that name (and yes I have the Enhanced Pro Plus or whatever it's called)

  • The community cannot create Bug IDs. So if there is an issue, it has to go through deeper analysis with Support to get a Bug ID and get sorted out. That has to be the go-to for all scenarios. But issues like this are always hard to figure out if you could resolve them yourself by reapplying the config, because no product has extended reporting and logging enabled all the time. So figuring out what happened after the incident is a nightmare for support in every product.


  • Totally get your point. It's just our overall experience with the support - not only regarding this case. But no need to discuss here. I gave up as I said... But another "thank you" to you, 'cause your comments help us a lot...

  • Hi - reviewed your provided case IDs and it could possibly be tied to Development ID NC-86351. Once you've provided the output & pcap requested, please let us know and we can help escalate the case if needed.

    Karlos
    Community Support Engineer | Sophos Technical Support
