Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 679 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 19.5 WAN DHCP Client Option 61

TorvaFirmus

Hi,

I have been searching the forum. This question has come up many times over the years without an answer. Actually, there is one answer marked as correct stating that DHCP clients never send data to the server. This is obviously incorrect.

I have been going through the options on my XG firewall trying to find a way to set option 61 for the WAN DHCP client (https://datatracker.ietf.org/doc/html/rfc2132#section-9.14). But have not been able to find it.

Does a method exist where I can set option 61 for the firewall WAN DHCP client? If so, how can I do it.

Please don't post references to how the DHCP server works in Sophos XG firewall, because that doesn't help.

Regards,

William



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Vivek Jagad

    Sophos XG is the DHCP client on the WAN link. Option 61 is used by clients to authenticate with the ISP's DHCP server. I am asking how to configure the option for this WAN DHCP client. NOT the Sophos XG DHCP server.

    I see nothing in your response that answers the question.

Children
  • 0 in reply to TorvaFirmus

    I would challenge this situation: 

    According to the relevant RFCs, DHCP clients cannot configure their own DHCP options. Only the DHCP server is responsible for sending DHCP options to clients.

    RFC 2131, which defines the DHCP protocol, specifies that "the client receives the vendor options that the server has included in the DHCP message." In other words, the DHCP server is the only entity that can include vendor-specific options in the DHCP message, and the client can only receive and interpret these options.

    Similarly, RFC 2132, which defines the format of DHCP options, states that "DHCP options are defined by the server, not by the client." This means that the client cannot create its own DHCP options or modify the options provided by the server.

    Overall, the DHCP protocol is designed to be a client-server model, where the server is responsible for providing configuration information to the client. While the client can make requests for certain options, it cannot create or modify the options itself.

    __________________________________________________________________________________________________________________

  • 0 in reply to TorvaFirmus

    We regret that we fail to understand the requirement, if I now understood correctly you want to configure the option 61 on the client and here the client will be the Sophos Firewall correct ? May I know what will be the upstream device ISP router ? Can you share the Topology ? 
    Regarding the DHCP this is everything you need to know about - https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Network/DHCP/index.html  And I doubt if we can configure the DHCP option on clients

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    I know nothing about the ISP except that it is Sky (Sky.com). And they use this option for the client hubs to authenticate with their servers. Unfortunately the hubs provided by Sky do not have a modem option, and I want to avoid a double NAT scenario. Searching through the forum, it is easy to see that this question has come up over and over again without an answer.

    As I see it, my options are as follows:

    1) Use Sophos XG as the DHCP client and configure Option 61

    2) Buy a second router that supports Option 61 in the DHCP client and then connect this to my Sophos XG firewall.

  • 0 in reply to LuCar Toni

    I am not here to debate. I have a real world problem and I am asking for help.

    http://www.georgebuckingham.com/sky-fibre-router-vdsl-password

  • +1 in reply to TorvaFirmus

    Then this is not supported by SFOS right now. 

    __________________________________________________________________________________________________________________

Unfiltered HTML