I have two networks at home, one for the house, one for the outbuildings. UTM uses the hostname to refer to a MAC/IP pair, and the hostnames must be unique. That means when I connect my wireless devices to the wireless LAN outside, they cannot use the assigned IP address as it is on a different physical network. I do not want any dynamic addressing for known devices. I see the following options:
1) Use an MS DHCP server. This will do what I need out of the box (same MAC in multiple subnets) but I need a Windows server license, and it's stupidly expensive.
2) define the host twice using different names, once for each network, with an appropriate address in each case. It works, but it's inelegant and means I have to know which network a device is on to connect to it, because its DNS entry will be based on its logical location. This is another way of saying that the device's name is not the same as its DNS registration, and that is not a good design.
3) Collapse the networks. Yes, I can, and it will work, but my UTM has 3 physical ports and it makes sense to use them like this. Most of the devices outside do not talk to the devices inside, hence the segmentation makes sense (to me anyway).
4) Use a different DHCP implementation. Should work (no idea what to pick, nor how to configure it, but I'm a quick study) but that would mean I'm realistically going to need a DNS server too, and another VM to manage (both of which I'd also need for #1 in fact).
I don't particularly want any of these, as I want UTM to do everything and cope with my network design. Anyone have any suggestions as to how I can overcome this issue before I implement #3?
As an aside, why does UTM ignore the DHCPDECLINE messages that clients send back when they discover the IP they have been assigned is already in use? RFC 2131 requires a DHCP server to react to such a message (mark it as unavailable), and it seems odd that this would not be implemented.
As you may guess, I was caught out by doing things the Microsoft way, assigning static assignments from the pool. The reason noobs like me do this is because it's easy - you set up your scope, connect your devices, then use the obvious button to convert them to static mappings. An easy way out for anyone failing to read the manual is to get your devices set up as statics, but change the scope as you do it (i.e. increase the start IP as you do each device, or group of leases). I have about 30 currently, my scope now starts at 31, and I have nothing in my lease table (if I do, it suggests a rogue client / server that needs investigating).
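To make the two behaviours the post is asking about concrete, here is a small model of the server side of RFC 2131 written as an added example. It is not code from the post, from Sophos UTM, or from any real DHCP server: it keeps one reservation per device (a single hostname and MAC) that carries an address for each subnet, chooses the address from the subnet the request arrived on (the interface or relay address, what a real server reads from giaddr), hands known devices static addresses only, and on DHCPDECLINE marks the address unavailable and logs it for investigation, as section 4.3.3 of the RFC requires. The subnets, hostnames, MACs and addresses are constructed for the example; the "dynamic pool starts at .31" convention follows the post. Pending offers are not tracked, which a real server would do.

```python
"""Model of RFC 2131 address selection with per-subnet reservations and
DHCPDECLINE handling.  Added example; all addresses, names and MACs below
are constructed, not taken from the post or from any real server."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Reservation:
    hostname: str              # one name per device, whichever subnet it is on
    mac: str
    addresses: dict            # subnet name -> address reserved on that subnet


@dataclass
class DhcpServer:
    subnets: dict              # subnet name -> ipaddress.IPv4Network
    reservations: list
    pool_start: int            # first host number the dynamic pool hands out
    leases: dict = field(default_factory=dict)   # (subnet, mac) -> address
    abandoned: set = field(default_factory=set)  # addresses reported by DHCPDECLINE
    log: list = field(default_factory=list)

    def __post_init__(self):
        names = [r.hostname for r in self.reservations]
        if len(set(names)) != len(names):
            raise ValueError("hostnames must be unique")
        for r in self.reservations:
            r.mac = r.mac.lower()
            for name, addr in r.addresses.items():
                if ipaddress.ip_address(addr) not in self.subnets[name]:
                    raise ValueError(f"{addr} is not in subnet {name}")

    def _subnet_of(self, iface_addr):
        """Scope is chosen by the address of the interface (or relay, giaddr)
        the request came in on, which is how RFC 2131 servers pick a subnet."""
        a = ipaddress.ip_address(iface_addr)
        for name, net in self.subnets.items():
            if a in net:
                return name
        raise ValueError(f"no subnet serves {iface_addr}")

    def _reservation(self, mac):
        return next((r for r in self.reservations if r.mac == mac), None)

    def _dynamic(self, subnet):
        """First free address at or above pool_start, skipping reserved,
        leased and abandoned addresses."""
        reserved = {a for r in self.reservations for a in r.addresses.values()}
        in_use = set(self.leases.values()) | self.abandoned | reserved
        for host in list(self.subnets[subnet].hosts())[self.pool_start - 1:]:
            if str(host) not in in_use:
                return str(host)
        return None

    def handle(self, msg):
        """msg: {'type': DISCOVER|REQUEST|DECLINE, 'mac', 'iface'[, 'addr']}.
        Returns (reply type, address) as the server would answer."""
        subnet = self._subnet_of(msg["iface"])
        mac = msg["mac"].lower()
        if msg["type"] in ("DISCOVER", "REQUEST"):
            res = self._reservation(mac)
            if res is not None:
                addr = res.addresses.get(subnet)   # known device: static only, never the pool
            else:
                addr = self.leases.get((subnet, mac)) or self._dynamic(subnet)
            if addr is None or addr in self.abandoned:
                return ("NAK", None)
            if msg["type"] == "DISCOVER":
                return ("OFFER", addr)
            self.leases[(subnet, mac)] = addr
            return ("ACK", addr)
        if msg["type"] == "DECLINE":
            # RFC 2131 4.3.3: the client's ARP probe found the address in use;
            # the server marks it unavailable and notifies the administrator.
            addr = msg["addr"]
            self.abandoned.add(addr)
            self.leases = {k: v for k, v in self.leases.items() if v != addr}
            self.log.append(f"{addr} declined by {mac}: marked unavailable, check for a rogue host")
            return ("NONE", addr)
        raise ValueError(f"unsupported message type {msg['type']}")


def build_demo():
    """Two subnets, one laptop reserved on both, one printer reserved inside only."""
    subnets = {"house": ipaddress.ip_network("192.168.1.0/24"),
               "outbuildings": ipaddress.ip_network("192.168.2.0/24")}
    reservations = [
        Reservation("laptop", "AA:BB:CC:00:00:01",
                    {"house": "192.168.1.10", "outbuildings": "192.168.2.10"}),
        Reservation("printer", "aa:bb:cc:00:00:02", {"house": "192.168.1.11"}),
    ]
    return DhcpServer(subnets, reservations, pool_start=31)


if __name__ == "__main__":
    srv = build_demo()
    print(srv.handle({"type": "DISCOVER", "mac": "aa:bb:cc:00:00:01", "iface": "192.168.1.1"}))
    print(srv.handle({"type": "DISCOVER", "mac": "aa:bb:cc:00:00:01", "iface": "192.168.2.1"}))
    print(srv.handle({"type": "DECLINE", "mac": "aa:bb:cc:00:00:99",
                      "iface": "192.168.1.1", "addr": "192.168.1.31"}), srv.log)
```

The point of the model is the data shape: the device is identified once, and the per-subnet address is selected by where the request came from rather than by a second hostname. ISC dhcpd expresses exactly this with a comma-separated `fixed-address` list in one `host` declaration, which is worth knowing if option #4 is pursued; the DECLINE path shows what "mark it unavailable" looks like, and why a non-empty lease table after reserving every known device is a signal worth chasing.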