
DHCP reservations

I am going from a Windows Server DHCP to our Sophos Firewall.

Am I to understand that the Sophos Firewall does not do static IP reservations? Or at least does not do it in the same manner as Windows does?

Does the reserved IP have to be outside of the lease pool?



This thread was automatically locked due to age.
  • Just for your information: UTM would assign the IP in a duplicate manner. You can read about this in the UTM Online Help. UTM can potentially cause IP conflicts if you do this.

    Personally, I would differentiate between client and server resources: something you want to access and something which is used to access. In the end, most customers in larger environments use the DHCP and DNS services of their AD services or external resources.


  • Oh no way!! Glad that never happened to me, "duplicating IP in DHCP", good to know! Even though we're phasing out SG.

    Alas, this was just really for like one device, maybe two at best in case it was warranted (I prefer static). Seemed useful and I was surprised when someone showed me the capability of it, nice little trick in a bind.

  • Personally, I like the flexibility that the vast majority of vendors provide by giving you the option to reserve an assigned DHCP address from the allocated pool. Why not have the option? Of course you would segment infrastructure from client devices, but for edge cases such as a printer on a desk, or workstations that need a specific SNAT rule etc, having the option available would be very helpful and there is no reason not to have it.

  • The reason is simple: It would cause effort to develop a mechanism to avoid duplicate entries in the DHCP service. To avoid this, you need to build a feature. There are other features currently under development. And personally I would not see this as a valuable addition to the feature set of the firewall. Feel free to raise this feature request with your sales peer and discuss this further, but this kind of request is rare from my point of view.

    If you "simply allow the entry of the scope", this could cause problems in the DHCP scopes. You need to build up the entire feature of avoiding the duplicate leases etc. 

    There are limited resources in each and every software development. And currently the focus is software development for security techniques and SD-WAN Features. You see the recent feature set of V19.5. There are features for bigger customers as well, as well as features for smaller customers. But it is a balance between features. 

    To extract resources from certain features to build such a feature, which seems to be not "that important for the majority of the installations base" is off to me. 


  • Reason not accepted. If you have such scarce development resources as to not be able to implement an extremely trivial DHCP server feature implementation, then that is a concern. Can you provide a source where you asked your customer base if they prefer the SOPHOS XG's non-standard DHCP server implementation?

  • Hi Oliver,

    The DHCP server module came from the Cyberoam software. From memory it was an off-the-shelf application that required minimal work to make it perform. Since the original XG there have been a few tweaks, nowhere near enough. There are a couple of additions that would not compromise security, e.g. changes in the GUI to allow DUID selection, change field width and others.

    Basically, as the server is configured at the moment it only has one scope and many IP ranges; that is why you cannot have a device receive a new IP address on different interfaces, which is very frustrating.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Feel free to discuss this matter with your sales and sales engineer to get the feature request created. Based on the priority and other customers asking for the same, Product Management will act on such requests.

    BTW:  This works: https://support.sophos.com/support/s/article/KB-000036032?language=en_US
