DHCP delete lease

Your maybe not know, that "delete" options exists in very large set of products :D (and this is "only" a "small business switch") :D

the fact that sophos don't allow this option, is a very lack, and I read a lot of arrogance by sophos about this topic :(

I resume:

When I plug a computer it obtains an IP (follow screenshot)

and when next I define a static IP in General Setting(follow screenshot)

the computer not obtain IP statically defined and it is necessary to wait for an indefinite time, even if I set up 1 Minutes as Max Lease Time (follow screenshot)

This feature is very trivial and I don't understand why you are so strongly unfavorable about this feature :(

 I don

Which brings this discussion right back to where it started. You are asking for the feature, I am saying yes, but later, unless I can understand why this might be a higher priority feature. I am not trying to argue why not to add such a feature. 

MassimilianoDal Cero said:

the computer not obtain IP statically defined and it is necessary to wait for an indefinite time, even if I set up 1 Minutes as Max Lease Time (follow screenshot)

Once a DHCP lease is issued to a client, it will not check back with the firewall, until the lease time it first received, is up. Changing it to 1 minute on the firewall, will make no difference on the lease that the client already has. Even a delete button on the firewall will have no effect on the client. If you want to expire a lease faster, you must go to the client, and release, then renew the address manually. This can also usually be triggered, by disconnecting the ethernet cable for a few seconds, or disconnecting and reconnecting to the wireless network. A delete button will not solve problem you describe, and it won't even help.

> If you want to expire a lease faster, you must go to the client, and release, then renew the address manually.

> This can also usually be triggered, by disconnecting the ethernet cable for a few seconds, or disconnecting and reconnecting to the wireless network

I'm sorry to say, but is exactly what I done :)
(more and more times)

but when the DHCP (re)assign an IP, it assign ever the "old" IP :(
(without consider the statically assigned address)

I have found this behavior on multiple operating systems:

Windows (7, 8.1 and 10), Linux (Ubuntu, Debian, CentOS), MacOS (10.12)

MassimilianoDal Cero said:

but when the DHCP (re)assign an IP, it assign ever the "old" IP

I can't replicate that behavior, and I have tested this recently, many times, on all common desktop OSes, mobile devices, and dozens of different IoT devices. In every single occurrence, when I set a static IP, or move the device to a new network, it gets the expected new IP on the very first release/renew or the first request after re-connection.  Please make sure you're running the latest firmware, and if you continue to see that behavior, there may be a bug peculiar to something in your setup. Please work with support on that. The expected behavior is exactly as I have described it, and anything other than that must be either a bug, or something unexpected, like a second DHCP server on the same LAN.  

Just only for clarity to avoid misunderstanding

This happen only when I have not yet assigned a static IP to a device (computer, phone, ... etc) in DHCP config and the device is plugged on the local network.
in this case DHCP assign a new IP and create an association MAC-IP for use this in the future (as it should be)

Afterwards, going back to XG panel and add a new static assignment using the MAC address of network interface of device.

So, there's nothing to do anymore: the device obtain the first IP and is need waiting a impredictable time for obtain the "static" IP set in the DHCP policy rule :(

I tried to:

- unplug and re-plug cable (multiple times)

- flush local device DHCP (multiple times)

- reboot XG appliance

- I also tried to force reset DHCP lease on XG via ssh advanced shell:

service dhcpd:stop -ds sync
rm -f /tmp/dhcpd.leases*
rm -f /tmp/dhcpd.leases.live
service dhcpd:start -ds sync

Note: that last solution worked on version 15, but not in 16

In all cases:  nothing changes :(

PS:
there are not others DHCP, the IP-MAC association is clearly visible on the XG panel

Actually to start AlanT you said no, because it is such a small feature and so difficult to implement.  No one should be surprised by your response though.  Sophos' arrogance and laziness in support, features, and customer service is unrivaled.  

This is reflected in the fact that Sophos still does not support basic feature found in consumer device let alone UTMs and business development, i.e. band steering for APs (requiring customers to move to wireless cloud management for an additional fee just to get a basic feature is not an acceptable response), DHCP lease deletions, arbitrary character limits on guest wifi portal, 4g modem compatibility, etc.

Everyone using Sophos today, especially paying customers, should seriously evaluate and start making the move to a different solution.  Switching to pfsense for free users is a no brainier, there are multiple guides out  there to get utm features with pfsense.  I'm using the remaining time in my XG sub to find a better solution to move to (sonicwall or fortinet both seem to be better non-budget busting options based on my testing so far). Just my two cents.

Srikant said:

Just my two cents

That's a fairly hostile two cents! I've worked to explore all reasons that have been given in this thread, to understand if this should be a higher priority. Laziness and arrogance would just ignore any conversation on the topic, not thoughtfully respond. We are actively working on many improvements to the product (four feature releases planned over the next ~year), and are simply prioritizing this one a little lower. 

Your complaints about 4G support, are understood, and I sympathize with that complaint. This has been a challenge, and is why we have launched a new 4G module which we can always ensure compatibility with XG, and not be at the mercy of carriers who frequently change the components of models that they offer. 

Arbitrary (a.k.a. too short) character limits on wifi descriptive names (not the ssid name) is also an annoyance for some, and naming and renaming restrictions have been a general complaint here in these forums. We are addressing all of this class of requests, as part of some significant improvements to our configuration management engine, in v18. 

I can't speak to etc.. as there are certainly features we don't have in XG that you might want - but XG has been very successful, worldwide, with its current features. It doesn't try to be the firewall with the most features, but the easiest to use and manage, for the most needed features. You may prefer a competitor, nd perhaps in your case, that is the right choice. No product is perfect for everyone in all circumstances - but XG is succeeding in competition against competitors in sales opportunities, analyst reports (e.g. Gartner), and security reports (e.g. NSS Labs). You may prefer to look at a competitor, but that doesn't make it the right choice for everyone. It's also in rather poor taste to promote competitors in a vendors forums. Doing that in most vendors forums gets your post deleted at a minimum, rather than a response. 

I agree that this would be useful. In the meantime, we'll just stick to using DHCP within our Domain Controllers so we have this ability :) 

AlanT said:

Thanks for the reply, but that scenario wouldn't be possible even if the IP hadn't been given out already. XG (and most other DHCP servers) won't let you assign a static mapping inside of an assigned DHCP scope. So if I set the dhcp range from x.x.x.10 to x.x.x.20, then try to assign x.x.x.19 as a static lease, it will stop me - regardless of whether a client has been given that IP or not. Adding an option to forget dynamic leases wouldn't allow this.

Not true.  Microsoft DHCP servers can statically assign an IP address within an IP range with no issue.  They've been doing it for as long as I can remember.  I've been managing Microsoft networks since 1995 and cannot recall a time when I could not do that.