Sophos Central Admin US-West customers may experience performance and login issues. See Central Status for the latest updates.
We'd love to hear about it! Click here to go to the product suggestion community
I've got a customer who has Virgin Media Superfast connection using their Superhub 3 router. I've switched this to modem mode, plugged in a laptop and can access the internet absolutely fine. If I connect the SG125 UTM, eth1 and set it as ethernet connection with a dynamic IP, the link/connection shows UP, I get a dynamic IP but cant access anything on the internet, cant even ping 184.108.40.206.
I've set many UTMs so have done the basics of masq rule, dns and know this isnt a simple fix.
So to cut a long story short, it seems other people have the same issue when using Cisco routers with Virgin. The solution is to clear the broadcast flag on the NIC that connects to the Virgin Media router with this command
"ip dhcp client broadcast-flag clear"
or disable broadcast flag on the NIC
My question is, how can this be done on the UTM, if it can? I've done some googling and trawling through these forums but not found anything
Many thanks in advance
It's been a long time since I was on VM (one of the first users when it was NTL)
I know then it was mac related. Have you tried rebooting the hub AFTER the UTM is plugged in?
You can also mimic the MAC Address under the hardware tab if needed.
In reply to Louis-M:
Thanks for your response Louis-M.
I've tried rebooting the hub after the UTM has been plugged in and no joy
I read about the mac and tried the VM router's mac address in eth1 interface virtual MAC and didnt make a difference BUT I didn't reboot either boxes after making that change.
Its really odd though as its clearly getting an IP address and connecting but in the system logs I see "dns-resolver: DNS server failed to contact!" even though in the DNS forwarder its picking up VM's DNS. I've tried unticking the forwards from ISP and putting Google, no joy and tried OpenDNS, no joy, have the same errors in system log.
What puzzles me is I can plug in a laptop and it works straight away without spoofing the Mac or anything so there is definitely something about how advanced firewalls like Cisco, Watchguard and Sophos UTM handle this.
In reply to bobcatbird:
Has anyone called the ISP tech support?
In reply to DouglasFoster:
clutch at straws here. See what the laptop is picking up with dhcp ie ip address, subnet, gateway etc and try putting them in the UTM manually and see what happens?
VM tech support was useless, they completely missed the point and blamed the UTM.
I've tried copying the laptops public IP, subnet, gateway and even Mac address, still no good.
Will log a call with Sophos, surely cant be the only one to run a UTM with VM.
If I get anywhere then ill post back the resolution
Ok, so been dealing with VM account manager that handles the customer and been told that they know there are issues and do not have a resolution for this. Amazing...no technical explanation or willingness to keep the customer so in a nutshell dont use VM with UTM at the moment.
I am on a 200Mb Virgin connection using the superhub in modem mode and UTM. All is working fine for me and never had any problems.
I don't remember doing anything unusual getting it set up - certainly not the commands in your original post. I think the only non standard bit of my original set up was using Google DNS rather than ISP.
Let me know if you want me to confirm any of my settings.
One thought - my superhub is Super Hub VMDG490 (i.e. 2ac), so maybe that behaves better than the 3?
In reply to RickAlderson:
Thanks for your post Rick. I dont get it myself other than VM support is shocking and I just cant see it else 1000s of businesses using Sophos, Watchguard, Cisco, etc would suffer the issue. Thankfully the customer has experienced issues with VM themselves and we're relocating the equipment to another site that is BT.
Shame because I was hoping to post a solution on here.
I'm moving to VM soon and know from years with Cabletel/ntlworld that you needed to clone the mac address previously. Guess I will find out soon :)
I'm double NAT'd at present with the Sky Hub since I cannot remove that from the equation.
i have a 200MB VM service, and I had the same issue with 9.412-2. I fixed it by factory-resetting the SuperHub 3 and putting it back in modem mode afterwards, although I think the that the issue is with the ISP's DHCP allocation. cloning the laptop's MAC address to the UTM external interface doesn't seem to help, so i wonder if passage of time is sufficient to make this go away.
I have had issues with VM's DHCP service in the past - i demonstrated to them that the service was at fault (it would issue an address to my CM, but only if i gave it a false MAC address), and they changed my modem to make it go away rather than fix the root cause.
Were you using the same LAN port. I think only LAN port active when in Modem Mode is the one nearest the VM cable, i.e. the bottom one.
In reply to MotoMoto:
Just about to suggest that. From what i've read, once in modem mode, only one specific port can be used.