
Sophos Firewall SF Home DHCP not working on wifi with VLAN.

I have the latest Sophos Firewall Software Home 20 installed on my mini PC as well as on an old XG 135w router, and on both devices I experience an issue with no DHCP reply for wifi when using VLAN.
- I have tested Unifi and Zyxel APs, same issue
- I have directly connected the wireless AP to the Sophos Software FW 20
- I get an IP for wifi clients connected to a wifi SSID that runs without VLAN (vlan 1)
- the Sophos FW has a bridge set for all interfaces except port 2, where the internet is.
- both Unifi and Zyxel APs had the management VLAN set to 1, which is the BR0 network
- there are 2 VLANs on this bridge, br0.70 and br0.50 (vlan 70 and 50)

- when I connect my PC to this Sophos FW port and set my interface to vlan 70 or 50 I get the correct IP and internet, same if I set the AP management interface to these VLANs
- I have also tried the connection with a Unifi AP that has a secondary port; if I connect my PC to the secondary port I get IP and internet on my PC OK
- The ISSUE is NO DHCP response for WIFI clients that use an SSID on some VLAN
- If I set the IP manually on this wifi device I get internet
- when I check traffic I can see the device sending a request for a DHCP IP; on the Sophos Firewall it is being blocked (even when I have allowed all traffic)
The Sophos log shows that it came from interface 6 (which is the interface where the AP is connected) but not from BR0.70 or BR0.50
Then when I check logs for traffic with a manually set IP address, it is coming from the correct BR0.70 or BR0.50 VLANs

I have tested the same equipment with OPNsense FW and it works correctly, so the issue is the Sophos.
I work with a normal licensed Sophos firewall at work, and I am sure that the same is happening on the hardware version: when I was trying to connect it to a Unifi switch and AP network and set the Guest VLAN to use a specific ID, I had to set one of the ports with the normal network, then on the core switch connect it as Access Guest VLAN - 2 cables for 2 different networks.

Any suggestions?
Is there some issue with VLAN trunk on the firewall?
I tried it with a managed switch in between, same issue - it worked OK only for directly connected devices on VLAN, not for a wifi SSID on VLAN



Edited TAGs
[edited by: Raphael Alganes at 11:12 AM (GMT -8) on 19 Nov 2024]