DHCP Relay

After the update to 19.0, DHCP Relay did not work anymore. The clients were no longer assigned an IP address. After I opened all DHCP Relay settings on Sophos XG and saved them again (without any change), it works again. I hope this was a one-time "update" problem and does not happen again after every failover...



  • Hi,

    I have the same problem, but resaving or recreating the rules does not help. I had to roll back to 18.5.3 to get it working again.

    Two of our 5 XGs are affected; the structure of our networks is exactly the same. The affected sites are twice as big as the unaffected ones.

    @LHerzog Is there any news about your tickets?

    @LuCarToni Is it possible to configure the Flood Protection for the DHCP-Relay?

  • Our case is closed now until the next time it happens. Sophos Support is now requesting more information.

    I post it here so someone else can collect those logs and dumps when the issue occurs.

    This is regarding your service request number 05158330.
     
    The below information will help us to proceed with troubleshooting the issue faster. Please provide us with the following information so we can provide you with the solution at the earliest.
     
    Please share the output of the below commands in both working and non-working scenarios and share the timestamp with us whenever the issue happened.
     
    1) ps -w | grep dhcre
     
    Please note down the MAC address of any one system and please collect the below in both working and non-working scenarios.

    2) Wireshark pcap from the affected system.

    3) Please share the tcpdump, conntracks, and drop capture on XG. This needs to be collected on port 67 and port 68; use 67 or 68 in the syntax. Please go through the below commands just for your reference. (Please open multiple PuTTY sessions and collect the logs simultaneously.)
     
     
    In putty session 1:
     
    #tcpdump -nei any host <dest IP> and port 67 or port 68
     
    (Destination IP is which we are pinging)
     
     
    In putty session 2:
     
    Console> drop-packet-capture 'host <dest IP> and port 67 or port 68'
     
    Or
     
    #drppkt host <dest IP> and port 67 or port 68
     
    In putty session 3:
     
    #mount -w -o remount /
    #cish
    Console> tcpdump verbose filedump count 10000 'host <dst IP> and port 67 or port 68 -s0
    (At the time of issue and once we have 30-40 Packets, press Ctrl + C)
    #exit
    #cp /tmp/data/tcpdump.pcap /usr/share/userportal/tcpdump.pcap
    Open Web Browser and enter:  x.x.x.x:4444/tcpdump.pcap [Replace with your Firewall IP and admin Port]
    Go back to the Advanced Shell of the XG Firewall and then run the following command.
    Note: It is important to run this command before closing the PuTTY session.
    rm -rf /usr/share/userportal/tcpdump.pcap
    mount -r -o remount /
     
    In putty session 4:
     
    #cd /log
    #csc custom debug
    #tail -f csc.log
     
     
    In putty session 5:
     
    #conntrack -L -d <dest IP>
     
    In putty session 6:
     
    #cd /log
    #tail -f networkd.log
     
     
    4) Please share the network topology along with the IP schema if possible.

    5) Please upload all logs to the FTP server, mentioning detailed timestamps.
     
    cd /
     
    tar -cvzf tmp/AllXGLogss.tar.gz log/*
     
    curl --insecure --ftp-ssl ftp://ftp.sophos.com:990 -u xxx:xxx -T '/tmp/AllXGLogss.tar.gz'
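
Added example (not part of the thread and not Sophos code): the support request above asks for one client's MAC and captures on ports 67/68 in both the working and the failing state. This Python code decodes DHCP payloads already extracted from such a capture and reports, for that MAC, which messages carried a relay address (giaddr) and which transactions never got a reply. All function names, the MAC and the addresses are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Decode one UDP port 67/68 payload; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    _op, _htype, hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, no length byte
            i += 1
            continue
        if payload[i] == 53 and i + 2 < len(payload):   # 53 = DHCP message type
            msg = payload[i + 2]
        i += 2 + payload[i + 1]
    return {"xid": xid, "hops": hops, "type": TYPES.get(msg, str(msg)),
            "giaddr": socket.inet_ntoa(payload[24:28]),  # relay agent address
            "mac": payload[28:28 + min(hlen, 16)].hex(":")}

def trace_client(payloads, mac):
    """Return (timeline, unanswered_xids) for one client MAC."""
    timeline, asked, answered = [], [], set()
    for p in payloads:
        d = parse_dhcp(p)
        if d is None or d["mac"] != mac.lower():
            continue
        path = "direct" if d["giaddr"] == "0.0.0.0" else "relayed"
        timeline.append((d["type"], path, d["giaddr"]))
        if d["type"] in ("DISCOVER", "REQUEST"):
            if d["xid"] not in asked:
                asked.append(d["xid"])
        elif d["type"] in ("OFFER", "ACK", "NAK"):
            answered.add(d["xid"])
    return timeline, [x for x in asked if x not in answered]

def build(msg, xid, mac, giaddr="0.0.0.0", hops=0):
    """Build a constructed sample payload (test data, not captured traffic)."""
    hdr = struct.pack("!BBBBIHH", 1 if msg in (1, 3) else 2, 1, 6, hops, xid, 0, 0)
    hdr += bytes(12) + socket.inet_aton(giaddr)   # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return hdr + MAGIC + bytes([53, 1, msg, 255])

MAC = "00:11:22:33:44:55"   # constructed client MAC
SAMPLE = [build(1, 0x1111, MAC), build(1, 0x1111, MAC, "10.0.1.1", 1),
          build(2, 0x1111, MAC, "10.0.1.1", 1),   # working: relayed and answered
          build(1, 0x2222, MAC)]                  # failing: never relayed
if __name__ == "__main__":
    print(trace_client(SAMPLE, MAC))
```

A DISCOVER that appears only as "direct" with no "relayed" copy and no OFFER for the same transaction ID matches the symptom described in this thread: the client broadcast reaches the firewall but is not forwarded.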
