This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG135 DHCP static Lease import not working

I am setting up a new Sophos XG135 (SFOS 18.0.5 MR-5-Build586) and need to add a bunch of static IP Reservations to the DHCP server. I set up one or 2 via the Gui, and exported it, made changes, and added the Static Reservations like below then Imported:

    <StaticLease>
      <Lease>
         <HostName>Host1</HostName>
         <MACAddress>MAC1</MACAddress>
         <IPAddress>IP1</IPAddress>
      </Lease>
      <Lease>
         <HostName>Host2</HostName>
         <MACAddress>MAC2</MACAddress>
         <IPAddress>1IP2</IPAddress>
      </Lease>
      <Lease>
         <HostName>Host3</HostName>
         <MACAddress>MAC3</MACAddress>
         <IPAddress>Ip3</IPAddress>
      </Lease>
    </StaticLease>

In the logs, it says it imports fine but doesn't show in the GUI.

This thread was automatically locked due to age.

Top Replies

FormerMember over 2 years ago in reply to Joshua Smith3 +2 suggested

Hi Joshua Smith3 , Try to update the DHCP server using API. Click here to know more information on 'How to allow API access'. ==> Replace bold parameters in the following API controller string(for…

Parents

0 rfcat_vk over 2 years ago

Hi,

are the addresses outside the dhcp range?
ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Joshua Smith3 over 2 years ago in reply to rfcat_vk

Hi,

yes the IP's are outside the dynamic dhcp range
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 2 years ago in reply to Joshua Smith3

Hello Joshua.

In the file you imported did you add the name and Port of the DHCP server?

https://community.sophos.com/sophos-xg-firewall/f/discussions/93358/import-dhcp-static-entries

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel

0 Joshua Smith3 over 2 years ago in reply to emmosophos

HI,

Yes I do have the Name and Port, Ill paste the DHCP part of the config here sans any personal info

<DHCPServer transactionid="">
    <Name>DHCP</Name>
    <Status>1</Status>
    <Interface>Port1</Interface>
    <IPLease>
      <IP>192.9.201.200-192.9.201.250</IP>
    </IPLease>
    <StaticLease>
      <Lease>
        <HostName>Host</HostName>
        <MACAddress>MAC</MACAddress>
        <IP>IP</IP>
      </Lease>
      <Lease>
        <HostName>Host</HostName>
        <MACAddress>MAC</MACAddress>
        <IP>IP</IP>
      </Lease>
      <Lease>
        <HostName>Host</HostName>
        <MACAddress>MAC</MACAddress>
        <IP>IP</IP>
      </Lease>
      <Lease>
        <HostName>Host</HostName>
        <MACAddress>MAC</MACAddress>
        <IP>IP</IP>
      </Lease>
    </StaticLease>
    <ConflictDetection>Enable</ConflictDetection>
    <LeaseForRelay>Disable</LeaseForRelay>
    <SubnetMask>255.255.255.0</SubnetMask>
    <DomainName></DomainName>
    <DefaultLeaseTime>1440</DefaultLeaseTime>
    <MaxLeaseTime>2880</MaxLeaseTime>
    <UseApplianceDNSSettings>Disable</UseApplianceDNSSettings>
    <PrimaryDNSServer>192.9.201.1</PrimaryDNSServer>
    <SecondaryDNSServer>8.8.8.8</SecondaryDNSServer>
    <PrimaryWINSServer/>
    <SecondaryWINSServer/>
    <Gateway>192.9.201.254</Gateway>
    <UseInterfaceIPasGateway>UseInterfaceIPAsGateway</UseInterfaceIPasGateway>
  </DHCPServer>

Just a note, I do have +/- 50 of the Lease blocks within the StaticLease tag

0 FormerMember over 2 years ago in reply to Joshua Smith3

Hi Joshua Smith3,

Try to update the DHCP server using API.

Click here to know more information on 'How to allow API access'.

==> Replace bold parameters in the following API controller string(for browser).

https://<Firewall_IP_address>:4444/webconsole/APIController?reqxml=<Request><Login><Username>apiadmin</Username><Password>Password</Password></Login>
<Set operation="update">
<DHCPServer transactionid="">
<Name>DHCP</Name>
<Status>1</Status>
<Interface>Port1</Interface>
<IPLease>
<IP>192.9.201.200-192.9.201.250</IP>
</IPLease>
<StaticLease>
<Lease>
<HostName>Host</HostName>
<MACAddress>MAC</MACAddress>
<IP>IP</IP>
</Lease>
<Lease>
<HostName>Host</HostName>
<MACAddress>MAC</MACAddress>
<IP>IP</IP>
</Lease>
</StaticLease>
<ConflictDetection>Enable</ConflictDetection>
<LeaseForRelay>Disable</LeaseForRelay>
<SubnetMask>255.255.255.0</SubnetMask>
<DomainName></DomainName>
<DefaultLeaseTime>1440</DefaultLeaseTime>
<MaxLeaseTime>2880</MaxLeaseTime>
<UseApplianceDNSSettings>Disable</UseApplianceDNSSettings>
<PrimaryDNSServer>192.9.201.1</PrimaryDNSServer>
<SecondaryDNSServer>8.8.8.8</SecondaryDNSServer>
<PrimaryWINSServer/>
<SecondaryWINSServer/>
<Gateway>192.9.201.254</Gateway>
<UseInterfaceIPasGateway>UseInterfaceIPAsGateway</UseInterfaceIPasGateway>
</DHCPServer>
</Set>
</Request>

Note: Please take a configuration backup before making any configuration changes.
Cancel
Vote Up +2 Vote Down

Cancel
0 Joshua Smith3 over 2 years ago in reply to FormerMember

trying to do this in a browser isn't possible as my XML has too many characters for the browser (chrome) I get a 414 error.

If I try it via Curl i get a <Status code="529">Input request file is Invalid</Status>
Cancel
Vote Up 0 Vote Down

Cancel
+1 FormerMember over 2 years ago in reply to Joshua Smith3

Try following the below steps:

Create .xml file with below tags/attributes

api.xml

======================================================

<Request><Login><Username>apiadmin</Username><Password>Password</Password></Login>
<Set operation="update">
<DHCPServer transactionid="">
<Name>DHCP</Name>
<Status>1</Status>
<Interface>Port1</Interface>
<IPLease>
<IP>192.9.201.200-192.9.201.250</IP>
</IPLease>
<StaticLease>
<Lease>
<HostName>Host</HostName>
<MACAddress>MAC</MACAddress>
<IP>IP</IP>
</Lease>
<Lease>
<HostName>Host</HostName>
<MACAddress>MAC</MACAddress>
<IP>IP</IP>
</Lease>
</StaticLease>
<ConflictDetection>Enable</ConflictDetection>
<LeaseForRelay>Disable</LeaseForRelay>
<SubnetMask>255.255.255.0</SubnetMask>
<DomainName></DomainName>
<DefaultLeaseTime>1440</DefaultLeaseTime>
<MaxLeaseTime>2880</MaxLeaseTime>
<UseApplianceDNSSettings>Disable</UseApplianceDNSSettings>
<PrimaryDNSServer>192.9.201.1</PrimaryDNSServer>
<SecondaryDNSServer>8.8.8.8</SecondaryDNSServer>
<PrimaryWINSServer/>
<SecondaryWINSServer/>
<Gateway>192.9.201.254</Gateway>
<UseInterfaceIPasGateway>UseInterfaceIPAsGateway</UseInterfaceIPasGateway>
</DHCPServer>
</Set>
</Request>

======================================================

Run the following command.

curl -k https://<Firewall_IP_Address>:4444/webconsole/APIController -F "reqxml=<api.xml"

I've tested same in my lab environment and it's working fine.
Cancel
Vote Up +1 Vote Down

Cancel

Reply

+1 FormerMember over 2 years ago in reply to Joshua Smith3

Try following the below steps:

Create .xml file with below tags/attributes

api.xml

======================================================

<Request><Login><Username>apiadmin</Username><Password>Password</Password></Login>
<Set operation="update">
<DHCPServer transactionid="">
<Name>DHCP</Name>
<Status>1</Status>
<Interface>Port1</Interface>
<IPLease>
<IP>192.9.201.200-192.9.201.250</IP>
</IPLease>
<StaticLease>
<Lease>
<HostName>Host</HostName>
<MACAddress>MAC</MACAddress>
<IP>IP</IP>
</Lease>
<Lease>
<HostName>Host</HostName>
<MACAddress>MAC</MACAddress>
<IP>IP</IP>
</Lease>
</StaticLease>
<ConflictDetection>Enable</ConflictDetection>
<LeaseForRelay>Disable</LeaseForRelay>
<SubnetMask>255.255.255.0</SubnetMask>
<DomainName></DomainName>
<DefaultLeaseTime>1440</DefaultLeaseTime>
<MaxLeaseTime>2880</MaxLeaseTime>
<UseApplianceDNSSettings>Disable</UseApplianceDNSSettings>
<PrimaryDNSServer>192.9.201.1</PrimaryDNSServer>
<SecondaryDNSServer>8.8.8.8</SecondaryDNSServer>
<PrimaryWINSServer/>
<SecondaryWINSServer/>
<Gateway>192.9.201.254</Gateway>
<UseInterfaceIPasGateway>UseInterfaceIPAsGateway</UseInterfaceIPasGateway>
</DHCPServer>
</Set>
</Request>

======================================================

Run the following command.

curl -k https://<Firewall_IP_Address>:4444/webconsole/APIController -F "reqxml=<api.xml"

I've tested same in my lab environment and it's working fine.
Cancel
Vote Up +1 Vote Down

Cancel

Children

0 Joshua Smith3 over 2 years ago in reply to FormerMember

Thank you this worked!
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 2 years ago in reply to Joshua Smith3

Here is an article you can refer to get more information on the XML tags and the status codes used in the API.

API Documentation (sophos.com)
Cancel
Vote Up 0 Vote Down

Cancel