Static entry bug?

Yes, That's a bug within the GUI.

If you try to add the new IP/MAC to existing host, the IP for this host is changed, but not the DHCP Server/Scope/Subnet.

If you open the network object afterwards, you are unable to save until you correct this error.

Thanks - does this get reported to Sophos by some mechanism?

Someone has to open a support-ticket.

This is possible for a customer with platinum-support or a partner.

This Needs a lot of time (money).

Or we have luck and a sophos staff member will read this post and solve this problem for us.

The following might be related to this bug.

Main lan network = 10.10.1.0/24, interface ip = 10.10.1.1
vlan4 network (same physical interface as main lan) = 10.10.4.0/24, interface ip = 10.10.4.1

Client on vlan 4 using gateway ip (from bug above) of main lan 10.10.1.1 has full internet connectivity. That is,

client ip addr = 10.10.4.100/24
gateway = 10.10.1.1
dns = 1.1.1.1

Why does this client on subnet 10.10.4.0/24 have access to 10.10.1.1?

It seems as though the main lan ip is an alias of some sort for the vlan gateways.  The expected behavior is no internet connectivity, and no pinging of the 10.10.1.1 from 10.10.4.0/24 clients. All the icmp options under firewall/icmp are unchecked.

Only the main lan is defined in the web filtering/global/allowed networks.

Actually, that makes sense now. The USB installer bug (where you have to manually mount the USB drive before installing) is at least 5 years old (it bit me the first time I installed). I've found another bug where when I edit any of my wireless networks, it automatically changes everything back to the very first wireless network i created (name, SSID and password) and wipes out the one I was editing. The one it changes them back to doesn't actually exist any more either.

This begs the question - if they aren't using us as beta testers, what is the value to Sophos in giving UTM away for free to home users? 

I haven't seen this, Dave.  One thing that's not well documented is that the static IPs for DHCP are not reservations like in Windows DHCP.  Static IPs must be set outside the dynamic range of the DHCP server.  When you created the new Host on the 'DHCP Leases' tab, had you already deleted the old Host definition that had the same MAC address?

Cheers - Bob

Hi dirkkotte 

Thank you for reporting this, but it is not a bug but an expected behavior. If the existing host is in network 192.168.1.0/24 and interface eth0, when you try to add new IP which is not part of that network and interface, UTM will present you the error message to correct the interface/DHCP server.

The interface/DHCP server and IP address of the static host should be in the same network. 

To avoid an IP address clash between regularly assigned addresses from the DHCP pool and those statically mapped make sure that the latter are not in the scope of the DHCP pool. For example, a static mapping of 192.168.0.200 could result in two systems receiving the same IP address if the DHCP pool is 192.168.0.100 – 192.168.0.210.

Thanks,

Hi H_Patel,

the problem is, the GUI don't correct me ...

First ... you have a host-definition with dhcp settings from yesterday. yesterday the host is connected to Subnet A. DHCP settings (IP&DHCP-Scope) are from Subnet A.

Today you connect host to subnet B. Host receive correct IP & Subnet data for Subnet/scope B.

If you now show the list of dynamically assigned IP-adresses and select "make static" the host (currently using dynamic assigned address from subnet B) is assigned a IP from subnet B but keeps the dhcp server/scope from IP assigned before (subnet A). .... there is no option to change this at this point.

So the next DHCP answer send IP from sunbet B and gateway from subnet A.

if you open the host definition you have to correct IP and DHCP-Scope before you are able to save.

Hi Dirk,

I agree that the GUI should refuse to make a Static Host with an IP inside the dynamic range of the DHCP server.  I think you already knew that there's no such thing as a "reservation" like there is in Windows DHCP.

Cheers - Bob