
Sophos XG135 DHCP static Lease import not working

I am setting up a new Sophos XG135 (SFOS 18.0.5 MR-5-Build586) and need to add a bunch of static IP reservations to the DHCP server. I set up one or two via the GUI, exported it, made changes, added the static reservations like below, then imported:

    <StaticLease>
      <Lease>
        <HostName>Host1</HostName>
        <MACAddress>MAC1</MACAddress>
        <IPAddress>IP1</IPAddress>
      </Lease>
      <Lease>
        <HostName>Host2</HostName>
        <MACAddress>MAC2</MACAddress>
        <IPAddress>IP2</IPAddress>
      </Lease>
      <Lease>
        <HostName>Host3</HostName>
        <MACAddress>MAC3</MACAddress>
        <IPAddress>IP3</IPAddress>
      </Lease>
    </StaticLease>

In the logs, it says it imports fine but doesn't show in the GUI.



This thread was automatically locked due to age.
  • Hi,

    Are the addresses outside the DHCP range?
    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA


  • Hi,

    Yes, the IPs are outside the dynamic DHCP range.

  • Hello Joshua.

    In the file you imported did you add the name and Port of the DHCP server?

    https://community.sophos.com/sophos-xg-firewall/f/discussions/93358/import-dhcp-static-entries

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi,

    Yes, I do have the Name and Port. I'll paste the DHCP part of the config here, sans any personal info:

    <DHCPServer transactionid="">
        <Name>DHCP</Name>
        <Status>1</Status>
        <Interface>Port1</Interface>
        <IPLease>
          <IP>192.9.201.200-192.9.201.250</IP>
        </IPLease>
        <StaticLease>
          <Lease>
            <HostName>Host</HostName>
            <MACAddress>MAC</MACAddress>
            <IP>IP</IP>
          </Lease>
          <Lease>
            <HostName>Host</HostName>
            <MACAddress>MAC</MACAddress>
            <IP>IP</IP>
          </Lease>
          <Lease>
            <HostName>Host</HostName>
            <MACAddress>MAC</MACAddress>
            <IP>IP</IP>
          </Lease>
          <Lease>
            <HostName>Host</HostName>
            <MACAddress>MAC</MACAddress>
            <IP>IP</IP>
          </Lease>
        </StaticLease>
        <ConflictDetection>Enable</ConflictDetection>
        <LeaseForRelay>Disable</LeaseForRelay>
        <SubnetMask>255.255.255.0</SubnetMask>
        <DomainName></DomainName>
        <DefaultLeaseTime>1440</DefaultLeaseTime>
        <MaxLeaseTime>2880</MaxLeaseTime>
        <UseApplianceDNSSettings>Disable</UseApplianceDNSSettings>
        <PrimaryDNSServer>192.9.201.1</PrimaryDNSServer>
        <SecondaryDNSServer>8.8.8.8</SecondaryDNSServer>
        <PrimaryWINSServer/>
        <SecondaryWINSServer/>
        <Gateway>192.9.201.254</Gateway>
        <UseInterfaceIPasGateway>UseInterfaceIPAsGateway</UseInterfaceIPasGateway>
    </DHCPServer>

    Just a note, I do have +/- 50 of the Lease blocks within the StaticLease tag

  • FormerMember
    0 FormerMember in reply to Joshua Smith3

    Hi,

    Try to update the DHCP server using API.

    Click here to know more information on 'How to allow API access'.

    ==> Replace bold parameters in the following API controller string (for browser).

    https://<Firewall_IP_address>:4444/webconsole/APIController?reqxml=<Request><Login><Username>apiadmin</Username><Password>Password</Password></Login>
    <Set operation="update">
    <DHCPServer transactionid="">
    <Name>DHCP</Name>
    <Status>1</Status>
    <Interface>Port1</Interface>
    <IPLease>
    <IP>192.9.201.200-192.9.201.250</IP>
    </IPLease>
    <StaticLease>
    <Lease>
    <HostName>Host</HostName>
    <MACAddress>MAC</MACAddress>
    <IP>IP</IP>
    </Lease>
    <Lease>
    <HostName>Host</HostName>
    <MACAddress>MAC</MACAddress>
    <IP>IP</IP>
    </Lease>
    </StaticLease>
    <ConflictDetection>Enable</ConflictDetection>
    <LeaseForRelay>Disable</LeaseForRelay>
    <SubnetMask>255.255.255.0</SubnetMask>
    <DomainName></DomainName>
    <DefaultLeaseTime>1440</DefaultLeaseTime>
    <MaxLeaseTime>2880</MaxLeaseTime>
    <UseApplianceDNSSettings>Disable</UseApplianceDNSSettings>
    <PrimaryDNSServer>192.9.201.1</PrimaryDNSServer>
    <SecondaryDNSServer>8.8.8.8</SecondaryDNSServer>
    <PrimaryWINSServer/>
    <SecondaryWINSServer/>
    <Gateway>192.9.201.254</Gateway>
    <UseInterfaceIPasGateway>UseInterfaceIPAsGateway</UseInterfaceIPasGateway>
    </DHCPServer>
    </Set>
    </Request>

    Note: Please take a configuration backup before making any configuration changes.

  • Trying to do this in a browser isn't possible, as my XML has too many characters for the browser (Chrome); I get a 414 error.

    If I try it via curl I get a <Status code="529">Input request file is Invalid</Status>

  • FormerMember
    +1 FormerMember in reply to Joshua Smith3

    Try following the below steps:

    Create .xml file with below tags/attributes

    api.xml

    ======================================================

    <Request><Login><Username>apiadmin</Username><Password>Password</Password></Login>
    <Set operation="update">
    <DHCPServer transactionid="">
    <Name>DHCP</Name>
    <Status>1</Status>
    <Interface>Port1</Interface>
    <IPLease>
    <IP>192.9.201.200-192.9.201.250</IP>
    </IPLease>
    <StaticLease>
    <Lease>
    <HostName>Host</HostName>
    <MACAddress>MAC</MACAddress>
    <IP>IP</IP>
    </Lease>
    <Lease>
    <HostName>Host</HostName>
    <MACAddress>MAC</MACAddress>
    <IP>IP</IP>
    </Lease>
    </StaticLease>
    <ConflictDetection>Enable</ConflictDetection>
    <LeaseForRelay>Disable</LeaseForRelay>
    <SubnetMask>255.255.255.0</SubnetMask>
    <DomainName></DomainName>
    <DefaultLeaseTime>1440</DefaultLeaseTime>
    <MaxLeaseTime>2880</MaxLeaseTime>
    <UseApplianceDNSSettings>Disable</UseApplianceDNSSettings>
    <PrimaryDNSServer>192.9.201.1</PrimaryDNSServer>
    <SecondaryDNSServer>8.8.8.8</SecondaryDNSServer>
    <PrimaryWINSServer/>
    <SecondaryWINSServer/>
    <Gateway>192.9.201.254</Gateway>
    <UseInterfaceIPasGateway>UseInterfaceIPAsGateway</UseInterfaceIPasGateway>
    </DHCPServer>
    </Set>
    </Request>

    ======================================================

    Run the following command.

    curl -k https://<Firewall_IP_Address>:4444/webconsole/APIController -F "reqxml=<api.xml"

    I've tested the same in my lab environment and it's working fine.
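
An added example, not part of any post in this thread and not Sophos code: with around 50 reservations, one way to avoid hand-editing api.xml is to generate the `<StaticLease>` block from a CSV and reject rows that are malformed, duplicated, off-subnet or inside the dynamic pool before anything is sent. The template and CSV are constructed samples, the function names are hypothetical, and the element names follow the api.xml above (the first post's snippet used `IPAddress` for the lease address).

```python
import csv, io, ipaddress, re
import xml.etree.ElementTree as ET

LEASE_IP_TAG = "IP"  # as in the thread's api.xml; the first post's snippet used IPAddress
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
# Constructed samples (not from the thread): a trimmed request template and a lease CSV.
TEMPLATE = """<Request><Login><Username>apiadmin</Username><Password>Password</Password></Login>
<Set operation="update"><DHCPServer transactionid=""><Name>DHCP</Name><Interface>Port1</Interface>
<IPLease><IP>192.9.201.200-192.9.201.250</IP></IPLease><StaticLease/>
<SubnetMask>255.255.255.0</SubnetMask><Gateway>192.9.201.254</Gateway></DHCPServer></Set></Request>"""
CSV_TEXT = "host,mac,ip\nprinter-1,00:11:22:33:44:55,192.9.201.10\nnas-1,00:11:22:33:44:66,192.9.201.11\n"

def check_leases(rows, server):
    """Return a list of problems; an empty list means no row failed a check."""
    lo, hi = (ipaddress.ip_address(p) for p in server.findtext("IPLease/IP").split("-"))
    net = ipaddress.ip_network(f"{server.findtext('Gateway')}/{server.findtext('SubnetMask')}", strict=False)
    problems, seen = [], set()
    for n, row in enumerate(rows, start=1):
        if not MAC_RE.match(row["mac"]):
            problems.append(f"row {n}: bad MAC {row['mac']!r}")
        try:
            ip = ipaddress.ip_address(row["ip"])
        except ValueError:
            problems.append(f"row {n}: bad IP {row['ip']!r}")
            continue
        if ip not in net:
            problems.append(f"row {n}: {ip} is outside {net}")
        elif lo <= ip <= hi:
            problems.append(f"row {n}: {ip} is inside the dynamic pool")
        for key in (row["mac"].lower(), str(ip)):
            if key in seen:
                problems.append(f"row {n}: duplicate {key}")
            seen.add(key)
    return problems

def build_request(template, csv_text):
    """Fill <StaticLease> in the template from CSV rows; raise ValueError on bad rows."""
    root = ET.fromstring(template)  # fails early if the template is not well-formed XML
    server = root.find("./Set/DHCPServer")
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if problems := check_leases(rows, server):
        raise ValueError("; ".join(problems))
    static = server.find("StaticLease")
    static.clear()  # drop any leases already present in the template
    for row in rows:
        lease = ET.SubElement(static, "Lease")
        for tag, key in (("HostName", "host"), ("MACAddress", "mac"), (LEASE_IP_TAG, "ip")):
            ET.SubElement(lease, tag).text = row[key]  # ElementTree escapes &, <, > in text
    return ET.tostring(root, encoding="unicode")
```

Write the returned string to api.xml and send it with the curl command from the post above; a `ValueError` lists every rejected row.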

  • Check this: https://community.sophos.com/sophos-xg-firewall/f/discussions/128915/the-file-that-you-are-trying-to-import-is-not-a-supported-file-format-only-tar-file-format-is-supported

    You can tail the csc.log while importing via Webadmin. Maybe you'll find an overlooked error?

    Also if 50 blocks is too much, go smaller.

  • FormerMember
    0 FormerMember in reply to Joshua Smith3

    Here is an article you can refer to for more information on the XML tags and the status codes used in the API.

    API Documentation (sophos.com)