This article describes the steps to work around the issue where wireless clients sometimes fail to obtain an IP address from an internal DHCP server.
Applies to the following Sophos products and versions: Sophos Firewall
Broadcast and multicast traffic is (by definition, 802.11-2007) unreliable in wireless networks because there is no retry mechanism. Furthermore, broadcast/multicast traffic is sent at 1 Mbps by default, which occupies a lot of available airtime.
For the above reasons, Sophos access points limit the number of broadcast frames (DHCP, for example) per SSID when at least one client is in power-save mode.
Therefore, if you are using wireless networks in Bridge to AP LAN mode, it is strongly recommended to reduce the amount of broadcast and multicast traffic on this network. Otherwise, performance issues and dropped broadcast traffic might occur.
Although Microsoft's DHCP server uses broadcast replies for DHCP by default, this behavior can be changed; refer to IgnoreBroadcastFlag for more details.
If it is not possible to change the DHCP server option to unicast, another way to fix the issue is to change the wireless mode to Separate Zone and use the Sophos XG Firewall's DHCP server instead.
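To check from a packet capture whether the broadcast and unicast DHCP replies discussed above are what you should expect, the following added example (not part of the original article and not Sophos code) parses a DHCP message and applies the delivery rule from RFC 2131 section 4.1. The function names are hypothetical and the sample messages are constructed; a server set to always broadcast, as the article describes, will not follow this rule.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse a DHCP message (UDP payload) into the fields that decide reply delivery."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, _, _, xid, _, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg_type, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:    # option 255 = end
        if payload[i] == 0:                              # option 0 = pad, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            msg_type = TYPES.get(payload[i + 2], "OTHER")
        i += 2 + length
    return {"op": op, "xid": xid, "type": msg_type,
            "broadcast": bool(flags & 0x8000),           # B bit = top bit of flags
            "ciaddr": payload[12:16], "giaddr": payload[24:28]}

def expected_delivery(msg):
    """How RFC 2131 section 4.1 says a server should send OFFER/ACK for this request."""
    zero = bytes(4)
    if msg["giaddr"] != zero:
        return "relay"          # reply goes to the relay agent
    if msg["ciaddr"] != zero:
        return "unicast"        # client already has an address
    return "broadcast" if msg["broadcast"] else "unicast"

def build_sample(flags, msg_type=1):
    """Constructed client message for the demo (made-up xid and MAC, no real capture)."""
    head = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, flags)
    addrs = bytes(16)                                    # ciaddr, yiaddr, siaddr, giaddr
    chaddr = bytes.fromhex("020000000001") + bytes(10)
    return head + addrs + chaddr + bytes(192) + MAGIC + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    for flags in (0x8000, 0x0000):
        m = parse_dhcp(build_sample(flags))
        print(m["type"], hex(flags), "->", expected_delivery(m))
```

If the server's replies in a capture are broadcast even though the client's request has the broadcast bit clear, the server is not honoring the client's flag.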