Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR2: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR2 is Now Available    

The old V20.0 MR1 Post:  Sophos Firewall: v20.0 MR1: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Edited TAGs
[edited by: Erick Jan at 8:29 AM (GMT -7) on 23 Jul 2024]

  • We are currently running V20 MR2 and continue to observe that the DHCP server is issuing renewals every 30 seconds to 1-2 minutes for several clients. This issue persists on our customers' firewalls as well. The default lease time is set to 1440 minutes and the maximum lease time to 2880 minutes.

    There should be a fix for this, but we haven't seen any improvements yet. We are using a single WAN connection. What steps should we take to address this issue?

    DHCP enhancements

    • IPv6 DHCP prefix delegation: The firewall requests the preferred prefix from the ISP each time you update the interface configuration or when the firewall restarts.
    • DHCP lease time: DHCP clients will make renewal requests at 30 seconds if the lease interval's half-time is 30 seconds or less, ensuring continuous WAN connectivity.
  • Could you please elaborate more about the issue faced?

    - When you say "DHCP server is issuing renewals every 30 seconds to 1-2 minutes", are you referring to the DHCP server running on SFOS or the DHCP server running on the WAN ISP?

    - Also, you have mentioned that you "continue to observe" this. Does it mean a similar issue was faced in previous SFOS releases and it's not related to v20-MR2?

    The DHCP enhancement mentioned below is about the SFOS WAN interface acting as a DHCP client, which was not honoring lower lease durations like 30 seconds.

    • DHCP lease time: DHCP clients will make renewal requests at 30 seconds if the lease interval's half-time is 30 seconds or less, ensuring continuous WAN connectivity.

    So more insight would help to understand your issue better.

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

  • The DHCP server is running on Sophos, and I can see the same thing on customers running SFOS 20.0.0 GA-Build222

    Example: https://imgur.com/a/LkfBsve 

  • Thanks for the clarification.

    I would suggest checking whether multiple DHCP servers are running in the network and the client is being forced to release its leased IP. That could be one of the reasons you might be seeing more frequent lease renewals than the configured interval (1440 min).

    If that doesn't resolve it, do you mind raising a support case?

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall
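
One way to run the check suggested above, as an added example that is not part of the thread and not Sophos tooling: it flags clients that renew before T1 (half the lease, the RFC 2131 default) and clients that received an ACK from an unexpected DHCP server. The event tuples are constructed sample data in an assumed format, and `expected_server` is a hypothetical address for the firewall's DHCP server.

```python
from collections import defaultdict
from datetime import datetime

LEASE_MIN = 1440  # default lease time quoted in the thread (minutes)

# Constructed sample events, NOT Sophos log output:
# (timestamp, client MAC, DHCP server identifier, message type)
EVENTS = [
    ("2024-07-23 08:00:00", "aa:bb:cc:00:00:01", "192.0.2.1", "ACK"),
    ("2024-07-23 08:00:45", "aa:bb:cc:00:00:01", "192.0.2.1", "ACK"),
    ("2024-07-23 08:01:50", "aa:bb:cc:00:00:01", "192.0.2.1", "ACK"),
    ("2024-07-23 08:00:10", "aa:bb:cc:00:00:02", "192.0.2.1", "ACK"),
    ("2024-07-23 08:00:40", "aa:bb:cc:00:00:02", "192.0.2.77", "ACK"),
    ("2024-07-23 08:00:00", "aa:bb:cc:00:00:03", "192.0.2.1", "ACK"),
    ("2024-07-23 20:00:00", "aa:bb:cc:00:00:03", "192.0.2.1", "ACK"),
]


def analyze(events, lease_min=LEASE_MIN, expected_server="192.0.2.1"):
    """Return (early_renewers, foreign_servers).

    early_renewers: MAC -> shortest gap in seconds between two ACKs, for
    clients that were re-acknowledged sooner than T1 (half the lease).
    foreign_servers: MAC -> set of server identifiers other than the
    expected one (hypothetical address, adjust to the real server).
    """
    t1_seconds = lease_min * 60 / 2
    ack_times = defaultdict(list)
    foreign = defaultdict(set)
    for ts, mac, server, msg_type in events:
        if msg_type != "ACK":
            continue
        ack_times[mac].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
        if server != expected_server:
            foreign[mac].add(server)

    early = {}
    for mac, times in ack_times.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        if gaps and min(gaps) < t1_seconds:
            early[mac] = min(gaps)
    return early, dict(foreign)


if __name__ == "__main__":
    early, foreign = analyze(EVENTS)
    for mac, gap in sorted(early.items()):
        print(f"{mac}: re-ACKed after {gap}s (T1 is {LEASE_MIN * 30}s)")
    for mac, servers in sorted(foreign.items()):
        print(f"{mac}: ACK from unexpected server(s) {sorted(servers)}")
```

A client that appears in both results points at a second DHCP server on the segment; one that appears only in the first is renewing early against the expected server.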
