So, I've been using the home version of UTM for many, many years. All has been good, but now I'm hitting the IP limit (Thanks IoT!).
So I've installed XG alongside the original UTM VM with an interface on my main network, a private link from the XG WAN port to an input in the UTM, and a separate Port connected to a VLAN.
Pointing a PC to the XG as the router works absolutely fine. Even on the VLAN interface, it works great. But... ONLY if it has a static IP. When I try to use the DHCP relay function on the XG, I get an error in the pCAP as shown below. This shows port 68,67 status violation, reason Local_ACL.
I've added the DHCP relay to the VLAN port and pointed to the DHCP server. I also tried adding various Any<>Any rules in the firewall config and tried (without success) to add a DHCP application to the Device Access (can't seem to find a way to add DHCP to this).
As an aside, if I enable an XG DHCP server on this same VLAN port, I get an IP address, so all my VLAN tagging and network access outside the XG is fine.
With the UTM, it was so much simpler....and it worked fine...
Any idea what I am missing?
Thanks in advance.
Hi FillDee,

Packet capture may show violation for DHCP and DHCP relay traffic: https://community.sophos.com/kb/en-us/134616

TCPDUMP, PCAP will be more helpful to identify and fix the issue if you are facing an issue with DHCP relay:

TCPDUMP command:
console> tcpdump 'port 67 or 68 -Aa

PCAP KBA: https://community.sophos.com/kb/en-us/127647
In reply to Vishal_R:
Thanks for the article, it did help a bit.
Running a console packet capture and analysing it shows that it does seem to create the DHCP requests.
I don't see anything in the DHCP server logs, so not sure the requests are reaching the DHCP server.
As I said, the same setup with the same DHCP server works absolutely fine with UTM, so not really sure where to go from here.....
I've marked the answer as correct, since it led me down the correct path.
Turned out the DHCP requests and offers were being received / given, but the DHCP Server didn't know how to get back to the remote network.
My fault :)
In reply to FillDee:
Hi FillDee, thanks for sharing the resolution, and I am glad to hear you managed to fix the issue.
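
Added example, not part of the original thread: a DHCP relay writes its own interface address into the `giaddr` field of the request, and the server sends its reply back to that address, so the server needs a route to the relayed network. The Python sketch below reads `giaddr` from a constructed BOOTP header and does a longest-prefix lookup over a constructed routing table; all addresses, routes and function names are assumptions for illustration.

```python
import ipaddress
import struct

def build_relayed_discover(giaddr: str) -> bytes:
    """Constructed sample: the fixed 236-byte BOOTP header of a relayed request."""
    return struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,                              # op=BOOTREQUEST, Ethernet, hlen, hops=1
        0x1234ABCD, 0, 0x8000,                   # xid, secs, flags (broadcast bit)
        bytes(4), bytes(4), bytes(4),            # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,    # giaddr: filled in by the relay
        bytes.fromhex("020000000001").ljust(16, b"\0"),  # chaddr (constructed MAC)
        bytes(64), bytes(128),                   # sname, file
    )

def giaddr_of(bootp: bytes) -> ipaddress.IPv4Address:
    """Return the relay agent address (bytes 24..27 of the BOOTP header)."""
    if len(bootp) < 236:
        raise ValueError("truncated BOOTP header")
    return ipaddress.IPv4Address(bootp[24:28])

def reply_next_hop(routes, giaddr):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes
               if giaddr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed scenario: the relayed VLAN is 10.20.30.0/24 behind a relay whose
# main-network address is 192.168.1.2; the DHCP server's default gateway is a
# different router (192.168.1.1) that has no knowledge of the VLAN.
SAMPLE = build_relayed_discover("10.20.30.1")
ROUTES_BEFORE = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "192.168.1.1")]
ROUTES_AFTER = ROUTES_BEFORE + [("10.20.30.0/24", "192.168.1.2")]

if __name__ == "__main__":
    relay = giaddr_of(SAMPLE)
    print("reply is addressed to giaddr", relay)
    print("next hop before fix:", reply_next_hop(ROUTES_BEFORE, relay))
    print("next hop after fix: ", reply_next_hop(ROUTES_AFTER, relay))
```

On a real DHCP server the same check is to look up the relay's `giaddr` in the server's routing table and confirm the next hop is a device that can actually reach the relayed network.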