Losing DHCP Gateway

This problem started with 17.5.0 GA.  The firewall is handling DHCP for my lan.  Users have started to lose the default gateway(the Firewall) randomly throughout the day.  I have to either reset the switch or the desktop network adapter in order to regain internet connectivity.  This does NOT happen to all users at the same time.

I updated to XG 115 SFOS 17.5.5 MR5 but the problem still exists.  This actually introduced another problem of not being able to access the gui from Sophos Central, but that's not as pressing.  Any thoughts on this would be appreciated.

Thanks

Larnel

  • In reply to LuCar Toni:

    The only place I've seen this to be an issues is at home, installed on a Dell OptiPlex 3010 - 128GB SSD and 8GB RAM..

     

    Can't remember the processor - it was something thrown together from old 3010 spares I had.

     

    Customers use Active Directory for DHCP and DNS, so not had any experience on customers sites.

  • I've been seeing this on XG Home for quite some time. Super frustrating

     

    hardware ASUS intel 3150N board

    8gb ram

    128SSD

    Dual port Intel PCIe Nic (wan and lan)

    1 Realtek for opt interface to guest wireless

     

    I lose DHCP AND lose access to WebGUI and ssh (tells me access denied). Basically it becomes unusable until i pull the plug. 

    When this happens. I'll usually swap for my UTM 9 SSD and use it. Then I wait until next MP for the XG 17.5. 

    #gettingold 

     

    side note: sophos UTM, untangle and pfsense on same hardware is rock solid.

  • In reply to LuCar Toni:

    I have 3 in use:

    XG105rev 2: At customer A, with more users then it should be able to handle, 42 computers and tons of site to site vpns...kinda always had to turn off certain services that aren't critical. Had it running 16.5.8 mr 8 for 2 years, never any issues with DHCP.

    XG 105w rev3: I temporarily placed this on-site at customer A a few weeks ago with the same configuration (i did a backup restore) because I wanted to give the latest firmware a try to see if I can upgrade. New unit in place seemed fine so I decided to leave it there for a few days. Well, next morning at open of business, they called me and had no internet due to the DHCP renewal not passing a default gateway. Keep in mind this hardware is much better then the rev2 was. This tells me it has to do with v17 something out introduced like new DHCP method.

    XG210 rev3: I replaced xg105 last week with this nice 210 v3 but to be sure I wouldn't run into issues i ran the dhcp old command right away.  So that doesn't help much i guess. If i had a weekend soon where i could switch back to DHCP new and watch what happens i will.

  • In reply to apalm123:

    Hi,

    I ended changing all my DHCP leases to longer time to live and that for me seems to fixed the problem.

    Ian

  • In reply to apalm123:

    Do not forget it goes back to new mode after a firmware upgrade.

    Paul Jr

  • In reply to LuCar Toni:

    I have 2 XG Home devices which are having issues with new dhcp. One is Intel Celeron 3865u and 2nd one is a i3-7100u. Both have 8GB RAM and 128GB SSD.

    They both serve a /26 network

  • In reply to siuswat:

    Did you try system dhcp conf-generation-method old at the command line?  Still working for a week later.

  • In reply to JacobRodriguez:

    This issue has now been resolved in SFOS v17.5.8:

    https://community.sophos.com/products/xg-firewall/b/blog/posts/sfos-17-5-mr8-released

    • NC-48031 [Interface Management] Wifi client did not get gateway and other config after reboot until enable and re-enable the wifi on client
  • In reply to LuCar Toni:

    hi,

    i hope this will do the trick, as none of my clients having this probleme were wifi !

  • In reply to LuCar Toni:

    Changing the dhcp to the old method using the command line console is still working for me a month later.  I can see how increase the lease team would work also.

     

     

    Command:
    console> system dhcp conf-generation-method old
  • In reply to JacobRodriguez:

    Nevertheless should the DHCP "new" Mode work after updating to MR8. 

  • In reply to LuCar Toni:

    Will try this today at a customers site using a XG 135. Hopefully this will fix it.

     

    We have many XG's with this problem and I contacted Sophos Support and told them the problem and asked if they had any other customers with this issue, and the just bluntly say that the did not, even when I also included this thread it the ticket.

     

    I find it very frustrating that Sophos Support does not have a clue what is going on at their customers XG's, and even more so that they are not communicating with their devopment team about known issues.

    Every issue seems new to them and they act like it is some strange exotic issue. I never had a Sophos Support employee tell me that some issue is known and they are working on it.

  • In reply to LuCar Toni:

    LuCar Toni

    Nevertheless should the DHCP "new" Mode work after updating to MR8. 

    Hey LuCar Toni - after loading MR8 do we need to run a command to use NEW or does MR8 do it automatically?

     
  • In reply to M8ey:

    hello,

    it seems that new dhcp mode won't be activated automatically after mrX to mr8 upgrade if it has been manually disabled.

  • In reply to M8ey:

    As far as i know, the manual setup (switching to old) will keep on old.

    You have to switch to new afterwards to have the new mode.