Issue: dupplicate IP Address in DHCP release on Sophos SG330 UTM 9.6.0

I have a firewall SG 330 UTM 9.6.0x and it is DHCP for WiFi ( AP55C)

with network : 172.18.0.0/23

range from : 172.18.0.2-> 172.18.1.254

When i have "Make static" in Network Services -> DHCP -> IP v4 -> Make Static. After that some devices connect and DHCP still release that ip for another devices

So, issue is it release same ip address for 2 devices. The network in 2 computers will be error.

I check numbers of device connect to WiFi , only under 120 devices connect in same time.

I don't understand how can DHCP can be realease same ip for 2 devices and do we have any solution to fix it ?

  • DHCP in UTM does not work like DHCP in Windows servers - there are no "reservations" of IPs.  In UTM, you must assign fixed IPs outside the 'Range' of the DHCP server.  I usually recommend a range of .100 to .199.

    Cheers - Bob

  • As Bob mentioned, You can not keep a static IP in the DHCP Pool range. UTM9 does not allow you to "BIND" an IP address to a specific host from DHCP range. 

  • In reply to BAlfson:

    This network already out of DHCP SEVER .

    I make dhcp on Sophos, realease ip by sophos.

    and users is working on Laptop at company and at home.

    so we cannot assign static ip on that laptop.

    if i configure ip scope : 172.19.0.100 -> 172.19.0.199

    default that WiFi is block internet.

    on sophos I have to configure for some special laptop can be access internet by IP Address. So if the next time that laptop get another ip, how can it can access internet ? 

     

     

  • In reply to nguyen duc khanh1:

    The suggestion is to let the DHCP server assign IPs dynamically in the range of 172.19.0.100-to.199 in 172.19.0.0/24.  Then, assign fixed IPs in .2-to-.99 and in .200-to-254.

    "This network already out of DHCP SEVER ."  I don't understand - do you mean that the entire 172.16.0.0/24 subnet is already used?

    "default that WiFi is block internet." - Please show the relevant configuration.

    A laptop used in the office will connect from a MAC address that can be used with a Host definition with Static mapping to allow the DHCP server to assign a fixed IP in .2-to-.99 or in .200-to-254.  Outside the office, the user must connect via a remote access VPN.  If the user name is "nguyen" and nguyen is logged in via remote access, the Network object will have an IP address assigned in the VPN pool for the remote access method.  For example, via the SSL VPN, the IP might be 10.242.2.5.  To make Firewall and Web Protection rules for nguyen's access when connected via VPN, use the "nguyen (User Network)" object.

    Cheers - Bob

  • In reply to BAlfson:

    I don't understand how can configure DHCP server using same time Normal and Static map client.

    If enable Static map client it mean users cannot connect to that WiFi by password, after I'm map MAC address for them it will can be connected.-> it not comfortable and very complex troublesome if someone wait for me to add their MAC address.

    I have share some pictures about dhcp, map static, duplicated ip address and profile to block internet of WiFi network.

    link

    about outside office, we just make sure that "they not using proxy server of company, it enough form them to access internet at Home.-> it that laptop never set proxy server" 

     

  • In reply to nguyen duc khanh1:

    You don't need to manually assign a MAC address in a Host definition.  When you select [Make Static], you must choose an IP that's in the subnet of the LAN, but outside of the 'Range' assigned dynamically by the DHCP server.  That way, when the lease for the IP in the dynamic range expires, the device will be assigned the new, fixed IP you specified after pressing [Make Static].

    For the user's PC to get the new IP you assigned immediately, do ipconfig /release and then ipconfig /renew at the command line of the PC.

    Cheers - Bob