Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 13313 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP RELAY issue after upgrading to MR-8

AntonioCorsini1

Hi all,

just closed a ticket with Sophos Support.

There is a confirmed bug (NC-20755). After uprading to MR-8, DHCP relays do not work properly.

I have a configuration the several VLANS, and DHCP relay configured to serve dynamic IPs.

A temporarily workaround was to delete the DHCP relay, and configure a DHCP server instead. And it works.

Sophos Support connected to the firewall in SSH to fix the issue. The problem will be solved int V17 rev 1.

Beware that an upgrade to V17 will erase this fix, that theoretically has to be reapplied to V17 also (and it should work, but not sure at the moment). If not, a rollback from V17 to V16 need to erase totally the XG and restore configuration from a backup. Not so easy.

Best regards



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to JacobAnderson

    Hi,
    I suppose that rev 1 will take some time.

    I opened a ticket, and the Support diagnosed the problem, then requested SSH access from remote to fix manually with some kind of scripts.

    Temporary workaround for me was to configure DHCP server on XG for specific VLANs, instead of DHCP relay.

    Best regards

  • 0 in reply to AntonioCorsini1

    Thanks Antonio!

     

    I found a work around for my lab environment, and thought I would share it.

     

    Since all of my machines are are virtualized I just added a nic for each vlan on my dhcp box via esx. 

     

    So in my case the dhcp server has 3 more network interfaces and the settings look like the following:

    IP Address: x.x.x.x

    Subnet Mask: x.x.x.x

    Default Gateway: this is left blank to ensure the primary nic is used for all traffic

     

    Preferred DNS Server: this is left blank as well

     

    That has me up and running again. I hope this solution will help someone else in need.

     

    Cheers

  • 0 in reply to JacobAnderson

    Hi,
    this could be a solution, but usually subnets that require DHCP service are DMZ that should not be allowed to access to a server on that should be connected to another network.
    With other works, you are bypassing the firewall, granted the access to that server without passing through the firewall. This, sometimes, is not a good idea.

    Example: guest network that should be isolated from Office network, BUT the DHCP server is on the Office server. Even if you protect the server with S.O. firewall, it is not a good idea...

    Best regards