DHCP Relay not working in MR5

We had the same issue except that we have blocked our entire network!

We have two XG330 in HA and breaking the HA to revert the firmware makes me totally angry.

The DHCP relay doesn't work and the firewall blocks answers from DHCP server.

After more than one year of developing XG platform and even no tools to translate SG rules to XG, this isn't a professinal approach for what it might considered a high end firewall!

We are considering to move our 4 firewall setup to a more *enterprise class* hardware sucha as Palo Alto.

Anyone from Sophos can quickly solve this issue!?!

Davide

Hi All,

who can, open a ticke with Support and report here back the ticket iD.

Aditya Patel can you check internally if this is a know bug or need further investigation?

Davide, the first release was not successful at all. I agree with you. Now we are waiting for an advanced improvement (v17). Take note that every vendor has its pros and cons. All of them have bugs!

Regards

Sure every vendor has pros and cons...but guys...I have blocked my entire network just after a RECOMMENDED update!

There's really something not working well in the Sophos QA department, I guess you agree with me.

Thank you anyway for taking care of this. I have opened a case.

Davide

HI Davide, 

Kindly access the advanced shell through SSH and go to the /log directory and run this command:
tail dhcpd.log and copy it and paste in notepad and send it to us for investigation.

Is the DHCP Relay working in 16.5.6?

We had the same problem and made a rollback too. It is annoying that you cannot rollback while in HA setup.

Julian

Hello, we had the same issue.

when we check this option, the problem was solved.

Really weird.

Anyone knows if in the latest version, this is solved?

This issue only happends when you use DHCP relay over VLAN Interface.

This issue in not fixed in MR-6, but I know there is an Internal bug ticket on this and a fix developed.

My guess  is that they need to test it some more andwill then release it, maybe in MR-7 or as a hotfix? 

I can also confirm the issue is known and has an internal ID of NC-19984 and NC-17164. The developers made a patch to try to correct the issue but it did not work. GES engineer installed it yesterday our our devices running MR6. I was also told they will not include the patch in any MR release as it will be fixed in V17 which is ridiculous to me. If they get a working patch, it will have to be installed after every update until V17 is released. As a workaround, what Rafael said does indeed work. Checking "Relay through IPSEC" works on MR6. Thanks Rafael for posting your workaround. It is certainly a very weird fix that had our GES engineer and myself both scratching our heads but at least it is working. I will update as I hear more from the GES engineer as he passed along the "Relay through IPSEC" workaround to the development team. Hopefully that will give the developers a better chance to pinpoint where the issue is.

Mike

It's strange that they don't fix the issue. Since they managed to break it during MR-5 and now they just don't care at all? Wait until version 17 is an insult to all the users of the XG since it clearly states that Sophos Dev team needs to be replaced and also there management.

I like your answer and I agree with your frustation. Bugs can exist and we know. This is another demostriation how XG needs a lot of improvement on CODE (primary).