Disable BOOTP Protocol

Do you mean disable it for the XG or stop it on the network? It appears that BOOTP and DHCP both use the same ports (TCP/UDP ports 67 and 68), but you should be able to make a firewall rule to only allow packets to ports 67 and 68 that are directed to your DHCP server -- which could be your XG or another machine.

Then make sure your DHCP server doesn't also service BOOTP. Probably the default for other servers. For the XG I think you simply would not fill in the Boot Host name in the XG's settings (Network > DHCP > Boot Options > Next-Server) and leave the Boot File field empty. I don't see how the XG could service BOOTP with those two fields empty.

Do you mean disable it for the XG or stop it on the network? It appears that BOOTP and DHCP both use the same ports (TCP/UDP ports 67 and 68), but you should be able to make a firewall rule to only allow packets to ports 67 and 68 that are directed to your DHCP server -- which could be your XG or another machine.

Then make sure your DHCP server doesn't also service BOOTP. Probably the default for other servers. For the XG I think you simply would not fill in the Boot Host name in the XG's settings (Network > DHCP > Boot Options > Next-Server) and leave the Boot File field empty. I don't see how the XG could service BOOTP with those two fields empty.

Hi.

I want disable BOOTP protocol on Sophos XG. Sophos XG reply to DHCP/BOOTP, it's a good option disable BOOTP and leave only DHCP replys.

It would be best security practice, I agree. But is it actually interfering with anything, like a BOOTP client on your network not being able to boot from your actual BOOTP machine server? If you have a BOOTP server you can put its address in the XG and the XG will reply with the proper BOOTP server, which is what you want.