DHCP Relay

Question

After the update to 19.0 DHCP Relay did not work anymore. The clients were no longer assigned an IP address. After I opened all DHCP Relay settings on Sophos XG and saved them again (without any change) it works again. I hope this was a one-time "update" problem and does not happen again after every failover...

This thread was automatically locked due to age.

LuCar Toni · Answer

Likely it is actually a Flood Prevention of DHCP Relay and not a Bug. 
 The point is: DHCP Relay has a Builtin Feature called Flood Protection. 
 If the DHCP Server was not reachable for the first DHCP requests, the relay will stop for some time to prevent a DHCP storm to the Servers. 
 This prevents networks to go down from DHCP floods of requests which nobody answers. 
 All the cases, i worked in, this was the case. The DHCP server was not reachable or did not answer for some reasons. 
 And this screenshot actually makes me wonder: Why are there so many requests in this window? 
 A Tcpdump of those requests in the affected area would help to see, who to blame. DHCP Relays work with the DHCP agent IPs. This means, if the server answers incorrectly, this could cause this. Only proveable in a tcpdump.

LHerzog · Answer

our case is closed now until the next time it happens. Sophos Support is now requesting more information. I post it here so someone else can collect that logs and dumps when the issue occurs. This is regarding your service request number 05158330. The below information will help us to proceed with troubleshooting the issue faster. Please provide us with the following information so we can provide you with the solution at the earliest. Please share the output of the below commands in both working and non-working scenario and share the timestamp with us whenever the issue happened. 1) ps -w | grep dhcre Please note down a MAC address of any one system and please the collect below in both working and non working scenarios. 2)Wireshark Pcap from the affected system. 3) Please share the tcpdump, conntracks, and drop capture on XG | this needs to be collected on port 67 and port 68 , use 67 or 68 i syntax, please go through the below commands just for your reference. (Please open multiple putty sessions and collect the logs simultaneously). In putty session 1: #tcpdump -nei any host and port 67 or port 68 (Destination IP is which we are pinging) In putty session 2: Console> drop-packet-capture 'host and port 67 or port 68 Or #drppkt host and port 67 or port 68 In putty session 3: #mount -w -o remount / #cish Console> tcpdump verbose filedump count 10000 'host and port 67 or port 68 -s0 (At the time of issue and once we have 30-40 Packets, press Ctrl + C) #exit #cp /tmp/data/tcpdump.pcap /usr/share/userportal/tcpdump.pcap Open Web Browser and enter: x.x.x.x:4444/tcpdump.pcap [Replace with your Firewall IP and admin Port] Go back to the Advanced Shell of the XG Firewall and then run the following command. Note: It is important to run this command before closing the PuTTY session. rm -rf /usr/share/userportal/tcpdump.pcap mount -r -o remount / In putty session 4: #cd /log #csc custom debug #tail -f csc.log In putty session 5: #conntrack -L -d In putty session 6: #cd /log #tail -f networkd.log 4)Please share the network topology along with IPSchema if possible 5)Please upload all logs on FTP server mentioning detailed time-stamps. cd / tar -cvzf tmp/AllXGLogss.tar.gz log/* curl --insecure --ftp-ssl ftp://ftp.sophos.com:990 -u xxx:xxx -T '/tmp/AllXGLogss.tar.gz'

DHCP Relay

Top Replies

Submitted a Tech Support Case lately from the Support Portal?