This discussion has been locked.

DHCP Relay not working in MR5

Since updating to MR5, DHCP relay is not working. We had to break HA and roll back to MR4 since you cannot roll back an HA setup. Has anyone else seen this behavior? We have already opened a case but are curious about others. Device is an XG230 running A-P HA with a LAG to our core.

Mike



This thread was automatically locked due to age.
  • We had the same issue except that we have blocked our entire network!

    We have two XG330 in HA and breaking the HA to revert the firmware makes me totally angry.

    The DHCP relay doesn't work and the firewall blocks answers from DHCP server.

     

    After more than one year of developing the XG platform, and still no tools to translate SG rules to XG, this isn't a professional approach for what might be considered a high-end firewall!

    We are considering moving our 4 firewall setup to more *enterprise class* hardware such as Palo Alto.

     

    Can anyone from Sophos quickly solve this issue!?!

     

    Davide

  • Hello, we had the same issue.

    When we checked this option, the problem was solved.

    Really weird.

    Does anyone know if this is solved in the latest version?

  • This issue only happens when you use DHCP relay over a VLAN interface.

    This issue is not fixed in MR-6, but I know there is an internal bug ticket on this and a fix developed.

    My guess is that they need to test it some more and will then release it, maybe in MR-7 or as a hotfix?

  • I can also confirm the issue is known and has an internal ID of NC-19984 and NC-17164. The developers made a patch to try to correct the issue but it did not work. GES engineer installed it yesterday on our devices running MR6. I was also told they will not include the patch in any MR release as it will be fixed in V17, which is ridiculous to me. If they get a working patch, it will have to be installed after every update until V17 is released. As a workaround, what Rafael said does indeed work. Checking "Relay through IPSEC" works on MR6. Thanks Rafael for posting your workaround. It is certainly a very weird fix that had our GES engineer and myself both scratching our heads but at least it is working. I will update as I hear more from the GES engineer as he passed along the "Relay through IPSEC" workaround to the development team. Hopefully that will give the developers a better chance to pinpoint where the issue is.

    Mike

  • It's strange that they don't fix the issue. Since they managed to break it during MR-5 and now they just don't care at all? Waiting until version 17 is an insult to all the users of the XG since it clearly states that Sophos Dev team needs to be replaced and also their management.

     

  • I like your answer and I agree with your frustration. Bugs can exist and we know. This is another demonstration of how XG needs a lot of improvement on CODE (primary).

  • Hi there,

    I used to have perfectly working DHCP relay. And then I upgraded to V17-MR1 and it stopped working. I am seriously regretting the decision to upgrade. Do we know if there is any known workaround in v17?

    - Kamal 

  • I can confirm that we are experiencing the same issue on v17, but have not updated to MR1. We have been going back and forth with support and they have been telling us that it is our DHCP server configuration, but give no indication as to what configuration that might be. They have also said their devs have tested this and it works without issue.

    I will try the IPSec workaround and see if that resolves the issue. UPDATE: The IPSec tunnel option did not solve the problem.

     

    I have run this same setup on other XG210s on v16 without issue, ASA 5515-X, and Palo Alto PA-500.  None of them have any issue providing this sort of functionality.  It's really frustrating to have support just push the issue off on the customer.  I used UTM for a few years at my previous job and loved it and the support we got.  That's why I moved from the Palo Alto and ASA to the XG platform.  I got so much value and performance from Sophos on UTM vs the others, but now it doesn't feel that way.