networkd.log file questions

The reason I am asking is one of my XGS107's stops renewing the wan dhcp address after 12 or so hours. I lose wan connection when the ip on the wan changes and the firewall has stopped renewing the ip address. I can get things working again by connecting to the XGS via the lan port and save the wan port2 connection, which apparently wakes up networkd and checks all the ports, and gets a valid ip. Problem is that requires driving to the remote site.

So far, support is lost. They keep wanting to look at the dhcpd.log file but that isn't where the wan dhcp requests and results show up. That is for the dhcp service on the lan or other ports,

Hello Mark,

Thank you for contacting the Sophos Community.

Can you confirm the Case ID is 06370178?

What Firmware version are you using?

What is the issue you’re facing with the DHCP on WAN? The lease expires, and the Firewall doesn't request a new one, or for example, the modem goes down, it gets a new IP, but the Sophos Firewall keeps the old IP? 

I will pass you feedback about the time stamp.

The logs you can check are:
syslog.log
dgd.log
networkd.log 

Regards,

Yes that is the correct case number. XGS107 (SFOS 19.5.1 MR-1-Build278)

I was losing connectivity over the wan port. I could log into the firewall from the lan port and look at the logs. I'm certainly no log guru but it appeared to me the process that writes networkd.log stopped requesting to renew the ip address. It would usually work once but fail at the second renew, 24 hours. I could recover the port by opening the wan port in Networking and saving it. For some reason I can't explain I replaced the network cable between the XGS107 and the Cradlepoint CBA850. The firewall stayed connected through the entire weekend and the logs show it was renewing the ip. I'm wondering if there was some problem with the cable that hung up the process? I'm stumped.

I wish the udhcpc reported in networkd.log had a timestamp for debugging purposes. Now I just count the number of renews since the last timestamp and multiply by 12 hours to determine if the logs are still being written to.

MarkThornton said:

: sending renew to 100.79.79.220
u

Hello Mark,

Thank you for the update!

There’s a known limitation in the Sophos Firewall; for example, if you shut down the Modem and turn it on again, the Sophos Firewall won’t change the WAN IP because of the RFC standard; it won't request any IP.

However, if you edit the interface, click "edit", and click save, the new IP will be assigned to the WAN.

This behavior will change in future DHCP improvements (no ETA).

I don't think you’re affected by this, but this is what I was after. 

Regards,

Thank you for the info on the limitation. That sounds a bit like what I was experiencing, the cable must have been dropping the connection enough to trigger something like that. The concern I have that it sounds like you are addressing is if we have a power outage and all devices get bounced, are we now in a race to get everything back up in the right order so connectivity returns when power is restored at the remote location. In our case the Cradlepoint modem seems to boot up and be ready much faster than the Sophos so hopefully that problem won’t occur unless I trip over a power cord or something.